2024-10-14 20:03:18 +00:00
{
"id" : "CVE-2024-47767" ,
"sourceIdentifier" : "security-advisories@github.com" ,
"published" : "2024-10-14T18:15:04.593" ,
2024-10-17 14:03:54 +00:00
"lastModified" : "2024-10-17T13:50:45.307" ,
"vulnStatus" : "Analyzed" ,
2024-10-14 20:03:18 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue."
2024-10-15 14:03:18 +00:00
} ,
{
"lang" : "es" ,
"value" : "Tuleap es una herramienta para la trazabilidad de extremo a extremo de los desarrollos de aplicaciones y sistemas. En versiones anteriores a Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5 y Tuleap Enterprise Edition 15.12-5, los usuarios pod\u00edan ver nombres de rastreadores a los que no deber\u00edan tener acceso. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5 y Tuleap Enterprise Edition 15.12-8 solucionan este problema."
2024-10-14 20:03:18 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2024-10-17 14:03:54 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "security-advisories@github.com" ,
"type" : "Secondary" ,
2024-10-17 14:03:54 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.3 ,
"baseSeverity" : "MEDIUM" ,
2024-10-17 14:03:54 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-10-17 14:03:54 +00:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 1.4
} ,
2024-10-14 20:03:18 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-10-14 20:03:18 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.3 ,
"baseSeverity" : "MEDIUM" ,
2024-10-14 20:03:18 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-10-14 20:03:18 +00:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 1.4
}
]
} ,
"weaknesses" : [
{
2024-12-08 03:06:42 +00:00
"source" : "security-advisories@github.com" ,
"type" : "Secondary" ,
2024-10-17 14:03:54 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "CWE-280"
2024-10-17 14:03:54 +00:00
}
]
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-10-14 20:03:18 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "CWE-755"
2024-10-14 20:03:18 +00:00
}
]
}
] ,
2024-10-17 14:03:54 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*" ,
"versionEndExcluding" : "15.12-8" ,
"matchCriteriaId" : "7BB42325-937B-4940-9E68-983BA7A1BDD9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*" ,
"versionEndExcluding" : "15.13.99.113" ,
"matchCriteriaId" : "55143981-8C28-4EE7-8593-F1A503C9C8EC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*" ,
"versionStartIncluding" : "15.13-0" ,
"versionEndExcluding" : "15.13-5" ,
"matchCriteriaId" : "49A386EB-18D7-4F4B-A8B9-C26C997C2CDF"
}
]
}
]
}
] ,
2024-10-14 20:03:18 +00:00
"references" : [
{
"url" : "https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e10343be2604e94c9058ef2c89" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Patch"
]
2024-10-14 20:03:18 +00:00
} ,
{
"url" : "https://github.com/Enalean/tuleap/commit/e5ce81279766115dc0f126a11d6b5065b5db7eec" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Patch"
]
2024-10-14 20:03:18 +00:00
} ,
{
"url" : "https://github.com/Enalean/tuleap/commit/f89d7093d2c576ad5e2b35a6a096fcdaf563d1df" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Patch"
]
2024-10-14 20:03:18 +00:00
} ,
{
"url" : "https://github.com/Enalean/tuleap/security/advisories/GHSA-j342-v27q-329v" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
2024-10-14 20:03:18 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=16d9efccb2fad8e10343be2604e94c9058ef2c89" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Issue Tracking" ,
"Patch"
]
2024-10-14 20:03:18 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=e5ce81279766115dc0f126a11d6b5065b5db7eec" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Issue Tracking" ,
"Patch"
]
2024-10-14 20:03:18 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=f89d7093d2c576ad5e2b35a6a096fcdaf563d1df" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Issue Tracking" ,
"Patch"
]
2024-10-14 20:03:18 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/tracker/?aid=39728" ,
2024-10-17 14:03:54 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
2024-10-14 20:03:18 +00:00
}
]
}
