Unrated severity · NVD Advisory · Published Feb 3, 2025 · Updated Feb 4, 2025
Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap
CVE-2025-24029
Description
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected products
- Range: < 16.3.99.1737562605
- Range: < 16.3-5
References
- github.com/Enalean/tuleap/security/advisories/GHSA-hq46-63pc-xfv9 (mitre, x_refsource_CONFIRM)
- tuleap.net/plugins/git/tuleap/tuleap/stable (mitre, x_refsource_MISC)
- tuleap.net/plugins/tracker/ (mitre, x_refsource_MISC)