Page 2 of 8 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97. Tuleap es una suite de código abierto para mejorar la gestión de los desarrollos de software y la colaboración. Los usuarios pueden ver los elementos pendientes que no deberían ver. • https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e https://tuleap.net/plugins/tracker/?aid=38297 • CWE-285: Improper Authorization •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6. • https://github.com/Enalean/tuleap/commit/a0ba0ae82a29eb8bfacef286778e5e49954f5316 https://github.com/Enalean/tuleap/security/advisories/GHSA-jc7g-4pcv-8jcj https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a0ba0ae82a29eb8bfacef286778e5e49954f5316 https://tuleap.net/plugins/tracker/?aid=37545 • CWE-440: Expected Behavior Violation CWE-670: Always-Incorrect Control Flow Implementation •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue. Tuleap es una suite de código abierto para mejorar la gestión de los desarrollos de software y la colaboración. Antes de la versión 15.5.99.76 de Tuleap Community Edition y antes de las versiones 15.5-4 y 15.4-7 de Tuleap Enterprise Edition, los usuarios con acceso de lectura a un rastreador donde se utiliza la función de actualización masiva podían obtener acceso a información restringida. • https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667 https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667 https://tuleap.net/plugins/tracker/?aid=36803 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •