- Description
- Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- tuleap
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-280
- Hype score
- Not currently trending
CVE-2025-24029 Unauthorized Artifact Access Vulnerability in Tuleap Open Source Management Platform https://t.co/ZioJa3R9SR
@VulmonFeeds
3 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24029 Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard… https://t.co/Mipp0yithC
@CVEnew
3 Feb 2025
323 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C94363E-3A6A-431B-B09E-82607147B52D",
"versionEndExcluding": "16.2-7"
},
{
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0A6CE6F-83BA-4D5C-B686-A30701402260",
"versionEndExcluding": "16.3.99.1737562605"
},
{
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACECC850-13ED-4516-BC1F-01FB9153332B",
"versionEndExcluding": "16.3-5",
"versionStartIncluding": "16.3"
}
],
"operator": "OR"
}
]
}
]