2024-02-22 21:00:33 +00:00
{
"id" : "CVE-2024-25130" ,
"sourceIdentifier" : "security-advisories@github.com" ,
"published" : "2024-02-22T19:15:08.823" ,
2025-02-06 03:06:01 +00:00
"lastModified" : "2025-02-05T21:55:35.147" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2024-02-22 21:00:33 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue."
2024-04-04 08:46:00 +00:00
} ,
{
"lang" : "es" ,
"value" : "Tuleap es una suite de c\u00f3digo abierto para mejorar la gesti\u00f3n de los desarrollos de software y la colaboraci\u00f3n. Antes de la versi\u00f3n 15.5.99.76 de Tuleap Community Edition y antes de las versiones 15.5-4 y 15.4-7 de Tuleap Enterprise Edition, los usuarios con acceso de lectura a un rastreador donde se utiliza la funci\u00f3n de actualizaci\u00f3n masiva pod\u00edan obtener acceso a informaci\u00f3n restringida. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4 y Tuleap Enterprise Edition 15.4-7 contienen un parche para este problema."
2024-02-22 21:00:33 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "security-advisories@github.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 5.4 ,
"baseSeverity" : "MEDIUM" ,
2024-02-22 21:00:33 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-02-22 21:00:33 +00:00
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 4.2
2025-02-06 03:06:01 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
2024-02-22 21:00:33 +00:00
}
]
} ,
"weaknesses" : [
{
"source" : "security-advisories@github.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-200"
}
]
2025-02-06 03:06:01 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-noinfo"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*" ,
"versionEndExcluding" : "15.4-7" ,
"matchCriteriaId" : "00C1AA2F-2986-49C6-A558-A479543600CB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*" ,
"versionEndExcluding" : "15.5.99.76" ,
"matchCriteriaId" : "BE65762A-F5B7-451D-B081-9424FE3A4FE9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*" ,
"versionStartIncluding" : "15.5" ,
"versionEndExcluding" : "15.5-4" ,
"matchCriteriaId" : "8DA2EE66-8C5E-4E15-903E-3DE016F5207A"
}
]
}
]
2024-02-22 21:00:33 +00:00
}
] ,
"references" : [
{
"url" : "https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667" ,
2025-02-06 03:06:01 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Patch"
]
2024-02-22 21:00:33 +00:00
} ,
{
"url" : "https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5" ,
2025-02-06 03:06:01 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2024-02-22 21:00:33 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667" ,
2025-02-06 03:06:01 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Broken Link"
]
2024-02-22 21:00:33 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/tracker/?aid=36803" ,
2025-02-06 03:06:01 +00:00
"source" : "security-advisories@github.com" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667" ,
2025-02-06 03:06:01 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5" ,
2025-02-06 03:06:01 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667" ,
2025-02-06 03:06:01 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Broken Link"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://tuleap.net/plugins/tracker/?aid=36803" ,
2025-02-06 03:06:01 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2024-02-22 21:00:33 +00:00
}
]
}
