Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-54877
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-29 Aug, 2025 | 15:07
Updated At-29 Aug, 2025 | 15:23
Rejected At-
▼CVE Numbering Authority (CNA)
Tuleap's special and always there fields permissions are not verified in cross-tracker search

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access to the content of the special and always there fields of accessible artifacts even if the permissions associated with the underlying fields do not allow it. This issue has been fixed in Tuleap Community Edition version 16.10.99.1754050155 and Tuleap Enterprise Edition versions 16.9-8 and 16.10-5.

Affected Products
Vendor
Enalean SASEnalean
Product
tuleap
Versions
Affected
  • Tuleap Community Edition < 16.10.99.1754050155
  • Tuleap Enterprise Edition < 16.10-5
  • Tuleap Enterprise Edition < 16.9-8
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863: Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Enalean/tuleap/security/advisories/GHSA-m5qc-c3q5-2p29
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/b0c1328f96135ee6a3f84d0847be5f843eafa590
x_refsource_MISC
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b0c1328f96135ee6a3f84d0847be5f843eafa590
x_refsource_MISC
https://tuleap.net/plugins/tracker/?aid=44068
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found