Vulnerability Description
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 16.2-7 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-hq46-63pc-xfv9PatchThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=269cbaa73bac6d1c5Permissions Required
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a97480f951351c0f8Permissions Required
- https://tuleap.net/plugins/tracker/?aid=41476Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2025-24029?
CVE-2025-24029 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get ac...
How severe is CVE-2025-24029?
CVE-2025-24029 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-24029?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.