CVE-2025-24029 | THREATINT

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

PUBLISHED Reserved 2025-01-16 | Published 2025-02-03 | Updated 2025-02-04 | Assigner GitHub_M

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-280: Improper Handling of Insufficient Permissions or Privileges

Product status

< 16.3.99.1737562605

affected

References

github.com/...tuleap/security/advisories/GHSA-hq46-63pc-xfv9

tuleap.net/...mit&h=269cbaa73bac6d1c50674c48c9987263f2b38804

tuleap.net/...mit&h=a97480f951351c0f8f2f3f27f7daa3f7f9c37c75

tuleap.net/plugins/tracker/?aid=41476

cve.org (CVE-2025-24029)

nvd.nist.gov (CVE-2025-24029)

Download JSON