
CVE-2024-23344: Tuleap's content of artifacts might be readable by unauthorized users

5.3 CVSS

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.

Classification

CVE ID: CVE-2024-23344

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Affected Products

Vendor: Enalean

Product: tuleap

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 27.89% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-07 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23344
https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w
https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42
https://tuleap.net/plugins/tracker/?aid=35862

Timeline