ByteOS Network

NVD Vulnerability Details :

CVE-2024-47766

Analyzed

Source-security-advisories@github.com

Published At-14 Oct, 2024 | 18:15

Updated At-17 Oct, 2024 | 13:48

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CPE Matches

Enalean SAS

>>tuleap>>Versions before 15.12-8(exclusive)

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*

Enalean SAS

>>tuleap>>Versions before 15.13.99.110(exclusive)

cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*

Enalean SAS

>>tuleap>>Versions from 15.13-0(inclusive) to 15.13-5(exclusive)

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-755	Primary	nvd@nist.gov
CWE-280	Secondary	security-advisories@github.com

CWE ID: CWE-755

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-280

Type: Secondary