Vulnerabilities > CVE-2024-47766 - Improper Handling of Exceptional Conditions vulnerability in Enalean Tuleap
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx
- https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=529d11b70796589767dd27a40ebadf3eaf8f5674
- https://tuleap.net/plugins/tracker/?aid=39736