CVE-2024-25130
Tuleap's mass update clears the permissions on artifact field
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Productos afectados
Enalean · tuleap¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667https://tuleap.net/plugins/tracker/?aid=36803