Lucene search

GoogleOSV:CVE-2024-30246

HistoryMar 29, 2024 - 4:15 p.m.

CVE-2024-30246

2024-03-2916:15:08

Google

osv.dev

tuleap

vulnerability

malicious user

delete

gain access

restricted information

fixed

version 15.7.99.6

version 15.7-2

version 15.6-5

version 15.5-6

version 15.4-8

version 15.3-6

version 15.2-5

version 15.1-9

version 15.0-9

version 14.12-6

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.

CPENameOperatorVersion
tuleapeq11.14
tuleapeq8.1
tuleapeq8.14
tuleapeq8.9
tuleapeq9.12
tuleapeq8.6
tuleapeq5.0.2
tuleapeq13.3
tuleapeq12.8
tuleapeq7.4

Name	Operator	Version
tuleap	eq	11.14
tuleap	eq	8.1
tuleap	eq	8.14
tuleap	eq	8.9
tuleap	eq	9.12
tuleap	eq	8.6
tuleap	eq	5.0.2
tuleap	eq	13.3
tuleap	eq	12.8
tuleap	eq	7.4

Rows per page:

1-10 of 1841

References

github.com/Enalean/tuleap/commit/a0ba0ae82a29eb8bfacef286778e5e49954f5316

github.com/Enalean/tuleap/security/advisories/GHSA-jc7g-4pcv-8jcj

tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a0ba0ae82a29eb8bfacef286778e5e49954f5316

tuleap.net/plugins/tracker/?aid=37545