CVE-2024-30246

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/Enalean/tuleap/commit/a0ba0ae82a29eb8bfacef286778e5e49954f5316
https://github.com/Enalean/tuleap/security/advisories/GHSA-jc7g-4pcv-8jcj
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a0ba0ae82a29eb8bfacef286778e5e49954f5316
https://tuleap.net/plugins/tracker/?aid=37545

Configurations

No configuration.

History

29 Mar 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-29 16:15

Updated : 2024-04-01 01:12

NVD link : CVE-2024-30246

Mitre link : CVE-2024-30246

CVE.ORG link : CVE-2024-30246

JSON object : View

Products Affected

No product.

CWE

CWE-440

Expected Behavior Violation

CWE-670

Always-Incorrect Control Flow Implementation

7.6 /10