CVE-2024-23344
Tuleap's content of artifacts might be readable by unauthorized users
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Enalean · tuleapWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85whttps://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42https://tuleap.net/plugins/tracker/?aid=35862