CVE-2025-53902
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Enalean | tuleap | Tuleap Community Edition < 16.9.99.1752585665 | affected |
| Enalean | tuleap | Tuleap Enterprise Edition < 16.8-6 | affected |
| Enalean | tuleap | Tuleap Enterprise Edition >= 16.9, < 16.9-5 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-6f24-5v47-rj6j
- https://github.com/Enalean/tuleap/commit/ebe054df8a2672afee41af84e5ba14b57ef8b789
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ebe054df8a2672afee41af84e5ba14b57ef8b789
- https://tuleap.net/plugins/tracker/?aid=43704
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.