Vulnerabilities > CVE-2022-24896 - Unspecified vulnerability in Enalean Tuleap
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.
Vulnerable Configurations
References
- https://github.com/Enalean/tuleap/commit/8e99e7c82d9fe569799019b9e1d614d38a184313
- https://github.com/Enalean/tuleap/commit/8e99e7c82d9fe569799019b9e1d614d38a184313
- https://github.com/Enalean/tuleap/security/advisories/GHSA-x962-x43g-qw39
- https://github.com/Enalean/tuleap/security/advisories/GHSA-x962-x43g-qw39
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=8e99e7c82d9fe569799019b9e1d614d38a184313
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=8e99e7c82d9fe569799019b9e1d614d38a184313
- https://tuleap.net/plugins/tracker/?aid=26729
- https://tuleap.net/plugins/tracker/?aid=26729