Lucene search

PRIOn knowledge basePRION:CVE-2023-35938

HistoryJun 29, 2023 - 8:15 p.m.

Design/Logic Flaw

2023-06-2920:15:00

PRIOn knowledge base

www.prio-n.com

tuleap

project visibility

flaw

fix

version 14.9.99.63

upgrade

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.

CPENameOperatorVersion
tuleaplt14.9.99.63
tuleapeq< 14.10-1

CPE	Name	Operator	Version
	tuleap	lt	14.9.99.63
	tuleap	eq	< 14.10-1

References

github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91

github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q

tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a108186e7538676c4bf6e615f793f3b787a09b91

tuleap.net/plugins/tracker/?aid=32278