CVE-2024-46988

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-46988
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.

5.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xw Third Party Advisory
https://tuleap.net/plugins/tracker/?aid=39686 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
History

16 Oct 2024, 14:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.8 		v2 : unknown
v3 : 5.7
First Time Enalean
Enalean tuleap
CPE cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
References () https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xw - () https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xw - Third Party Advisory
References () https://tuleap.net/plugins/tracker/?aid=39686 - () https://tuleap.net/plugins/tracker/?aid=39686 - Exploit, Issue Tracking, Third Party Advisory
CWE CWE-755

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Tuleap es una herramienta para la trazabilidad de extremo a extremo de los desarrollos de aplicaciones y sistemas. Antes de Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3 y Tuleap Enterprise Edition 15.12-6, los usuarios podían recibir notificaciones por correo electrónico con información a la que no deberían tener acceso. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3 y Tuleap Enterprise Edition 15.12-6 solucionan este problema.

14 Oct 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-14 18:15

Updated : 2024-10-16 14:07

NVD link : CVE-2024-46988

Mitre link : CVE-2024-46988

CVE.ORG link : CVE-2024-46988

JSON object : View

Products Affected

enalean

  • tuleap
CWE
CWE-755

Improper Handling of Exceptional Conditions

CWE-280

Improper Handling of Insufficient Permissions or Privileges


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024