CVE-2024-46988 — MEDIUM (4.8)

Q: How severe is CVE-2024-46988?

CVE-2024-46988 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-46988?

Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.

Vulnerability Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Enalean	Tuleap	< 15.12-6

Related Weaknesses (CWE)

CWE-280 CWE-755

References

https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xwThird Party Advisory
https://tuleap.net/plugins/tracker/?aid=39686ExploitIssue TrackingThird Party Advisory

FAQ

What is CVE-2024-46988?

CVE-2024-46988 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15....

How severe is CVE-2024-46988?

CVE-2024-46988 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-46988?

Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.