CVE-2025-30155

Sažetak

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Reference

https://github.com/Enalean/tuleap/commit/0921df3a1c1aa20fc359b373f001a77c43b1b726
https://github.com/Enalean/tuleap/security/advisories/GHSA-6hr4-h6px-7ppg
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0921df3a1c1aa20fc359b373f001a77c43b1b726
https://tuleap.net/plugins/tracker/?aid=42237

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

01-04-2025 - 20:26

Objavljeno

31-03-2025 - 16:15