ByteOS Network

NVD Vulnerability Details :

CVE-2024-52599

Analyzed

Source-security-advisories@github.com

Published At-09 Dec, 2024 | 19:15

Updated At-22 Aug, 2025 | 16:19

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CPE Matches

Enalean SAS

>>tuleap>>Versions before 16.0-7(exclusive)

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*

Enalean SAS

>>tuleap>>Versions before 16.1.99.50(exclusive)

cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*

Enalean SAS

>>tuleap>>Versions from 16.1(inclusive) to 16.1-4(exclusive)

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5	security-advisories@github.com	Patch
https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7	security-advisories@github.com	Third Party Advisory Patch
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5	security-advisories@github.com	Permissions Required
https://tuleap.net/plugins/tracker/?aid=40459	security-advisories@github.com	Third Party Advisory Issue Tracking Patch Exploit

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History