Vulnerability Description
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 13.6-5 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/commit/8e99e7c82d9fe569799019b9e1d614d38a18431 (Patch, Third Party Advisory)
- https://github.com/Enalean/tuleap/security/advisories/GHSA-x962-x43g-qw39 (Patch, Third Party Advisory)
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=8e99e7c82d9fe5697 (Patch, Vendor Advisory)
- https://tuleap.net/plugins/tracker/?aid=26729 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2022-24896?
CVE-2022-24896 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of t...
How severe is CVE-2022-24896?
CVE-2022-24896 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24896?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.