Unrated severityNVD Advisory· Published Mar 31, 2025· Updated Mar 31, 2025

Tuleap does not enforce read permissions on parent trackers in the REST API

CVE-2025-30155

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Affected products

Enalean/Tuleapv5
Range: < 16.5.99.1742392651

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Enalean/tuleap/commit/0921df3a1c1aa20fc359b373f001a77c43b1b726mitrex_refsource_MISC
github.com/Enalean/tuleap/security/advisories/GHSA-6hr4-h6px-7ppgmitrex_refsource_CONFIRM
tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
tuleap.net/plugins/tracker/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000