CVE-2025-64497 Tuleap exposes releases for all projects to File Release System project administrators
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not...
CVE-2025-64497
CVE-2025-64497 describes an access-control vulnerability in Tuleap where users without access to certain projects could retrieve file release system information. Affected products are Tuleap Community Edition versions below 17.0.99.1762431347 and Tuleap Enterprise Edition versions below 17.0-2, 1...
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators...
Privilege Escalation
github.com/gardener/gardener is vulnerable to Privilege Escalation. The vulnerability stems from improper authorization checks: the gardenlet component allows project administrators to gain control over the seed clusters that manage their shoot clusters in environments using...
Users who don't have Jira administrators global permission can create issue collectors
Issue Summary: The following description exists in our document "Using the issue collector" (https://confluence.atlassian.com/adminjiraserver0912/using-the-issue-collector-1346047512.html): "For all of the following procedures, you must be logged in as a user with the Jira administrators glob..."
CVE-2024-36471
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...
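The Allura entry above describes a time-of-check/time-of-use gap: the import URL's hostname is resolved and validated, then handed to an HTTP client that resolves it a second time, and an attacker-controlled DNS server can answer differently each time (DNS rebinding). The following is an added example, not Apache Allura's code: a vulnerable import routine beside one that resolves once and connects to the address it validated. The resolver, the `fake_connect` stand-in for the HTTP fetch, the hostnames and the IP addresses are all constructed for the illustration; in real code the pinned address is used for the socket while the original name is still sent as Host/SNI, and redirects must be re-checked the same way rather than followed automatically.

```python
"""Added example (not Apache Allura code): the check-then-use gap behind a
DNS-rebinding SSRF, and a version that pins the checked address.

The resolver and the 'connect' step are constructed stand-ins so the example
runs offline; real code would resolve with getaddrinfo and open the socket to
the pinned IP while sending the original Host/SNI name."""
import ipaddress
from urllib.parse import urlsplit


def is_public_ip(ip: str) -> bool:
    """Reject loopback, RFC 1918, link-local (169.254/16, incl. cloud metadata), etc."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


class RebindingResolver:
    """Constructed attacker DNS: the first answer for a name is a public IP
    (passes the check); every later answer for the same name is internal."""

    def __init__(self, first_answer: str, later_answer: str):
        self.first, self.later = first_answer, later_answer
        self.lookups = 0

    def resolve(self, hostname: str) -> str:
        self.lookups += 1
        return self.first if self.lookups == 1 else self.later


def resolve_once(hostname: str, resolver) -> str:
    """Literal IPs are used as-is; names go through the (injected) resolver."""
    try:
        return str(ipaddress.ip_address(hostname))
    except ValueError:
        return resolver.resolve(hostname)


def fake_connect(ip: str, hostname: str, url: str) -> dict:
    """Stand-in for the HTTP fetch; records which IP the bytes would go to."""
    return {"connected_to": ip, "host_header": hostname, "url": url}


def import_vulnerable(url: str, resolver, connect=fake_connect) -> dict:
    """Validate, then hand the *name* to the HTTP client, which resolves again."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host")
    if not is_public_ip(resolve_once(host, resolver)):        # time of check
        raise PermissionError(f"{host} resolves to an internal address")
    return connect(resolve_once(host, resolver), host, url)   # time of use: 2nd lookup


def import_hardened(url: str, resolver, connect=fake_connect) -> dict:
    """Resolve once, validate that address, connect to exactly that address."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host")
    ip = resolve_once(host, resolver)     # single lookup ...
    if not is_public_ip(ip):
        raise PermissionError(f"{host} resolves to an internal address")
    return connect(ip, host, url)         # ... pinned for the actual connection


if __name__ == "__main__":
    # 8.8.8.8 is only a sample globally routable address for the first DNS answer.
    print(import_vulnerable("http://import.example/export.json",
                            RebindingResolver("8.8.8.8", "127.0.0.1")))
    print(import_hardened("http://import.example/export.json",
                          RebindingResolver("8.8.8.8", "127.0.0.1")))
```

With the rebinding resolver the vulnerable routine passes its check on the public answer and then fetches from 127.0.0.1, while the hardened one connects to the address it actually checked. Note that `is_public_ip` alone is not sufficient against a literal `http://127.0.0.1/` only because of the resolver: the hardened path also handles the literal-IP case by skipping DNS entirely.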
Design/Logic Flaw
Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...
PT-2023-25394 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: Metersphere versions prior to 2.10.2 LTS Description: Metersphere is an open source continuous testing platform. In the affected versions, some key APIs lack permission checks, allowing ordinary users to execute APIs that can only be executed...
CVE-2023-35938 User access not updated with privilege change in Tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users tha...
PT-2022-27989 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions 2022.10 through 2022.10.1 Description: The issue allows TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators when connecting to AWS using the "Default Credentia...
JetBrains TeamCity security vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
PT-2022-12374 · Jfrog · Jfrog Artifactory
Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.31.10 Description: The issue is related to Broken Access Control, where a Project Admin has the ability to create, edit, and delete Repository Layouts. However, this configuration should only be available...
JFrog Artifactory security vulnerability
JFrog Artifactory is an open source, general-purpose artifact repository manager from the Israeli company JFrog; it supports clustered, high-availability Docker registries and provides an end-to-end solution for tracking artifacts from development to production. A security vulnerabilit...
CVE-2020-14166
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability by uploading an HTML file...
Improper access control
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...
CVE-2019-16919
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...
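The Harbor entries above (a project admin creating a robot account whose scopes reach into someone else's project) and the Metersphere entry earlier (ordinary users reaching admin-only APIs) are two faces of the same missing check: the role must be verified, and every object the request touches must be bound to the project that role covers. The following is an added example, not Harbor's or Metersphere's code. The role names, the `Caller`/`Robot` shapes and the `/project/<id>/repository` resource format are assumptions made for the illustration.

```python
"""Added example (not Harbor's or Metersphere's code): function-level and
object-level authorization for a project-scoped 'create robot account' API.
Role names, the Robot shape and the resource-path format are assumptions."""
import re
from dataclasses import dataclass

ALLOWED_ACTIONS = {"push", "pull"}
# Assumed resource format for the example: /project/<project_id>/repository
_RESOURCE = re.compile(r"^/project/(?P<project>[^/]+)/repository$")


@dataclass
class Caller:
    username: str
    roles: dict  # project_id -> role ("admin", "developer", "guest")


@dataclass
class Robot:
    project: str
    access: list  # of (resource, action) tuples


def _require_project_admin(caller: Caller, project: str) -> None:
    """Function-level check: only an admin *of this project* may proceed."""
    if caller.roles.get(project) != "admin":
        raise PermissionError(f"{caller.username} is not an admin of {project}")


def _project_of(resource: str) -> str:
    m = _RESOURCE.match(resource)
    if not m:
        raise ValueError(f"unsupported resource {resource!r}")
    return m.group("project")


def create_robot_vulnerable(caller: Caller, url_project: str, access: list) -> Robot:
    """Checks the caller's role for the project in the URL, then trusts the
    resource paths in the request body without tying them to that project."""
    _require_project_admin(caller, url_project)
    return Robot(url_project, list(access))


def create_robot_hardened(caller: Caller, url_project: str, access: list) -> Robot:
    """Same role check, plus an object-level check: every requested scope must
    be an allowed action on a resource inside the very project the caller
    is authorised for."""
    _require_project_admin(caller, url_project)
    for resource, action in access:
        if action not in ALLOWED_ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        if _project_of(resource) != url_project:
            raise PermissionError(f"{resource} is outside project {url_project}")
    return Robot(url_project, list(access))


if __name__ == "__main__":
    # Constructed caller: admin of team-a, mere guest of team-b.
    alice = Caller("alice", {"team-a": "admin", "team-b": "guest"})
    cross_project = [("/project/team-a/repository", "pull"),
                     ("/project/team-b/repository", "push")]
    print(create_robot_vulnerable(alice, "team-a", cross_project))  # escalation
    try:
        create_robot_hardened(alice, "team-a", cross_project)
    except PermissionError as e:
        print("rejected:", e)
```

The vulnerable handler is not missing the role check; it is missing the binding between the authorised project and the objects named in the body, which is exactly how a project admin ends up minting a token that pushes to a project they do not administer.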