Lucene search

GitHub_MCVELIST:CVE-2024-23344

HistoryFeb 06, 2024 - 3:58 p.m.

CVE-2024-23344 Tuleap's content of artifacts might be readable by unauthorized users

2024-02-0615:58:19

CWE-200

GitHub_M

www.cve.org

cve-2024-23344

tuleap

unauthorized access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.7%

JSON

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.

CNA Affected

[
  {
    "vendor": "Enalean",
    "product": "tuleap",
    "versions": [
      {
        "version": "< 15.4.99.140",
        "status": "affected"
      }
    ]
  }
]

References

github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42

github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w

tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42

tuleap.net/plugins/tracker/?aid=35862

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.7%

JSON

Related for CVELIST:CVE-2024-23344