CVE-2024-30246

Published Mar 29, 2024

Last updated 8 days ago

CVSS high 7.6

Overview

Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Severity: HIGH

Weaknesses

security-advisories@github.com: CWE-440
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ABA9252-EF9D-4BD2-98DB-4FCF5B2037B7",
            "versionEndExcluding": "15.7.99.6",
            "versionStartIncluding": "14.11.99.34 "
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACE0DEB1-102A-44EE-8217-E1D489080FAF",
            "versionEndExcluding": "14.12-6",
            "versionStartIncluding": "14.12-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB5542D6-16D4-407A-BCFC-32C96219F20E",
            "versionEndExcluding": "15.0-9",
            "versionStartIncluding": "15.0-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA862976-6285-4A88-8D47-66AA341405EB",
            "versionEndExcluding": "15.1-9",
            "versionStartIncluding": "15.1-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AE18296-FDFC-4A94-A245-35A98637A151",
            "versionEndExcluding": "15.2-5",
            "versionStartIncluding": "15.2-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF0788F9-2729-418B-8761-843325A40FF7",
            "versionEndExcluding": "15.3-6",
            "versionStartIncluding": "15.3-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AADD7EC-A8D9-4202-848C-AAA5B0F37CC5",
            "versionEndExcluding": "15.4-8",
            "versionStartIncluding": "15.4-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BD949BE-FE7B-46F6-8E31-C4ACDF6EE508",
            "versionEndExcluding": "15.5-6",
            "versionStartIncluding": "15.5-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "180691C4-B2E2-4387-9AB5-8A8678A984AE",
            "versionEndExcluding": "15.6-5",
            "versionStartIncluding": "15.6-1"
          },
          {
            "criteria": "cpe:2.3:a:enalean:tuleap:15.7-1:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "791E4104-6EB7-409D-9BF3-08D6AEFCFEEC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References