cbcvebase.
CVE-2024-30246
published 2024-03-29

CVE-2024-30246: Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete…

PriorityP339high7.1CVSS 3.1
AVNACLPRLUINSUCLIHAN
EPSS
0.62%
45.3th percentile
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.

Affected

11 ranges
VendorProductVersion rangeFixed in
enaleantuleap
enaleantuleap
enaleantuleap>= 14.11.99.34 < 15.7.99.615.7.99.6
enaleantuleap>= 14.12-1 < 14.12-614.12-6
enaleantuleap>= 15.0-1 < 15.0-915.0-9
enaleantuleap>= 15.1-1 < 15.1-915.1-9
enaleantuleap>= 15.2-1 < 15.2-515.2-5
enaleantuleap>= 15.3-1 < 15.3-615.3-6
enaleantuleap>= 15.4-1 < 15.4-815.4-8
enaleantuleap>= 15.5-1 < 15.5-615.5-6
enaleantuleap>= 15.6-1 < 15.6-515.6-5
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.