Vulnerabilities > CVE-2024-23344 - Unspecified vulnerability in Enalean Tuleap
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.
Vulnerable Configurations
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w
- https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42
- https://tuleap.net/plugins/tracker/?aid=35862