Unrated severityNVD Advisory· Published Mar 31, 2025· Updated Mar 31, 2025

Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin

CVE-2025-30209

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10.

Affected products

Enalean/Tuleapv5
Range: < 16.5.99.1742812323

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Enalean/tuleap/commit/34af2d5d10b0349967129f53427f495815e5bbccmitrex_refsource_MISC
github.com/Enalean/tuleap/security/advisories/GHSA-hcp5-pmpm-mgwhmitrex_refsource_CONFIRM
tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
tuleap.net/plugins/tracker/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000