Vulnerability CVE-2024-47766


Published: 2024-10-14

Description:
Tuleap is a tool for end-to-end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can use the cross tracker search widget to access the content of trackers with permission restrictions in projects of which they are members but not administrators. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Type:
CWE-280 (Improper Handling of Insufficient Permissions or Privileges)

References:
https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx
https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=529d11b70796589767dd27a40ebadf3eaf8f5674
https://tuleap.net/plugins/tracker/?aid=39736
