CVE-2024-25130
Tuleap's mass update clears the permissions on artifact field
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Produtos afetados
Enalean · tuleapQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667https://tuleap.net/plugins/tracker/?aid=36803