CVE-2025-52899
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Enalean | tuleap | Tuleap Community Edition < 16.9.99.1750843170 | affected |
| Enalean | tuleap | Tuleap Enterprise Edition >= 16.9, < 16.9-2 | affected |
| Enalean | tuleap | Tuleap Enterprise Edition < 16.8-4 | affected |
Weaknesses
- CWE-204: CWE-204: Observable Response Discrepancy
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2
- https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07
- https://tuleap.net/plugins/tracker/?aid=43674
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.