Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-37167

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-25 Jun, 2024 | 19:28
Updated At-02 Aug, 2024 | 03:50
Rejected At-
Credits

Tuleap has improper permissions of the backlog items

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:25 Jun, 2024 | 19:28
Updated At:02 Aug, 2024 | 03:50
Rejected At:
▼CVE Numbering Authority (CNA)
Tuleap has improper permissions of the backlog items

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.

Affected Products
Vendor
Enalean SASEnalean
Product
tuleap
Versions
Affected
  • < 15.9.99.97
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285: Improper Authorization
Type: CWE
CWE ID: CWE-285
Description: CWE-285: Improper Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e
x_refsource_MISC
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e
x_refsource_MISC
https://tuleap.net/plugins/tracker/?aid=38297
x_refsource_MISC
Hyperlink: https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Resource:
x_refsource_MISC
Hyperlink: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Resource:
x_refsource_MISC
Hyperlink: https://tuleap.net/plugins/tracker/?aid=38297
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj
x_refsource_CONFIRM
x_transferred
https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e
x_refsource_MISC
x_transferred
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e
x_refsource_MISC
x_transferred
https://tuleap.net/plugins/tracker/?aid=38297
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://tuleap.net/plugins/tracker/?aid=38297
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:25 Jun, 2024 | 20:15
Updated At:22 Aug, 2025 | 15:43

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Enalean SAS
enalean
>>tuleap>>Versions before 15.8-5(exclusive)
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
Enalean SAS
enalean
>>tuleap>>Versions before 15.9.99.97(exclusive)
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
Enalean SAS
enalean
>>tuleap>>Versions from 15.9(inclusive) to 15.9-3(exclusive)
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
CWE-285Secondarysecurity-advisories@github.com
CWE ID: CWE-285
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5esecurity-advisories@github.com
Patch
https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvjsecurity-advisories@github.com
Vendor Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5esecurity-advisories@github.com
Broken Link
https://tuleap.net/plugins/tracker/?aid=38297security-advisories@github.com
Vendor Advisory
https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5eaf854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvjaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5eaf854a3a-2127-422b-91ae-364da2661108
Broken Link
https://tuleap.net/plugins/tracker/?aid=38297af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Source: security-advisories@github.com
Resource:
Broken Link
Hyperlink: https://tuleap.net/plugins/tracker/?aid=38297
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://tuleap.net/plugins/tracker/?aid=38297
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

57Records found
CVE-2025-1806
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.75%
||
7 Day CHG~0.00%
Published-01 Mar, 2025 | 23:31
Updated-09 Apr, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eastnets PaymentSafe URL Default.aspx improper authorization

A vulnerability, which was classified as problematic, has been found in Eastnets PaymentSafe 2.5.26.0. Affected by this issue is some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue.

Action-Not Available
Vendor-Eastnets
Product-PaymentSafe
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-1607
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.33%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 00:31
Updated-14 May, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Employee Management System salary_slip.php authorization

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_employee_management_systemBest Employee Management System
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-0027
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 48.83%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:30
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-cortex_xsoarCortex XSOAR
CWE ID-CWE-285
Improper Authorization
CVE-2024-45805
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.55%
||
7 Day CHG~0.00%
Published-26 Dec, 2024 | 21:34
Updated-22 May, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenCTI leaks support information due to inadequate access control

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0.

Action-Not Available
Vendor-citeumOpenCTI-Platform
Product-openctiopencti
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-285
Improper Authorization
CVE-2021-3049
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-2.6||LOW
EPSS-0.11% / 30.47%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 17:10
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability

An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-cortex_xsoarCortex XSOAR
CWE ID-CWE-285
Improper Authorization
CVE-2024-39416
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 11:57
Updated-14 Aug, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized user can export Orders Sale Report

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommerceAdobe Commercecommerce
CWE ID-CWE-285
Improper Authorization
CVE-2020-5333
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found