CVE-2024-23344
published 2024-02-06CVE-2024-23344: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a…
PriorityP335medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.53%
40.7th percentile
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enalean | tuleap | < 15.4.99.140 | 15.4.99.140 |
| enalean | tuleap | < 15.3.5 | 15.3.5 |
| enalean | tuleap | >= 15.2.99.49 < 15.4.99.140 | 15.4.99.140 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85whttps://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42https://tuleap.net/plugins/tracker/?aid=35862https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85whttps://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42https://tuleap.net/plugins/tracker/?aid=35862
2024-02-06
Published