CVE-2024-25130
- Source
- https://cve.org/CVERecord?id=CVE-2024-25130
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25130.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-25130
- Aliases
-
- GHSA-mq7f-m6mj-hjj5
- Published
- 2024-02-22T18:29:10.138Z
- Modified
- 2025-11-30T11:31:21.083504Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- Tuleap's mass update clears the permissions on artifact field
- Details
-
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.
- Database specific
{ "cwe_ids": [ "CWE-200" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25130.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25130.json
- https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667
- https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5
- https://nvd.nist.gov/vuln/detail/CVE-2024-25130
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667
- https://tuleap.net/plugins/tracker/?aid=36803
Affected packages
Git / github.com/enalean/tuleap
Affected ranges
- Type
- GIT
- Repo
- https://github.com/enalean/tuleap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
10.*
10.0
10.1
10.10
10.11
10.2
10.3
10.4
10.5
10.6
10.7
10.8
10.9
11.*
11.0
11.1
11.10
11.11
11.12
11.13
11.14
11.15
11.16
11.17
11.18
11.2
11.3
11.4
11.5
11.6
11.7
11.8
11.9
12.*
12.0
12.1
12.10
12.11
12.12
12.2
12.3
12.4
12.5
12.6
12.7
12.8
12.9
13.*
13.0
13.1
13.10
13.11
13.12
13.2
13.3
13.4
13.5
13.6
13.7
13.8
13.9
14.*
14.0
14.1
14.10
14.11
14.12
14.2
14.3
14.4
14.5
14.6
14.7
14.8
14.9
15.*
15.0
15.1
15.2
15.3
15.4
15.5
Other
1839_conditions_on_dates_in_5_7_1
4.*
4.0.18
4.0.20
4.0.28
5.*
5.0.1
5.0.2
5.0.3
5.0.4
5.1.0
5.11
5.12
5.2
5.3
5.3.1
5.4
5.5
5.5.1
5.5.2
5.5.3
5.5.4
5.6
5.6.1
5.6.2
5.7
5.8
5.9
5.9.1
6.*
6.0
6.1
6.10
6.11
6.12
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9
7.*
7.0
7.1
7.10
7.11
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9
8.*
8.0
8.1
8.10
8.11
8.12
8.13
8.14
8.15
8.16
8.17
8.18
8.19
8.2
8.3
8.4
8.5
8.6
8.7
8.8
8.9
9.*
9.0
9.1
9.10
9.11
9.12
9.13
9.14
9.15
9.16
9.17
9.18
9.19
9.2
9.3
9.4
9.5
9.6
9.7
9.8
9.9
@tuleap/project-sidebar_1.*
@tuleap/project-sidebar_1.0.0
@tuleap/project-sidebar_1.0.1
@tuleap/project-sidebar_1.0.2
@tuleap/project-sidebar_1.1.0
@tuleap/project-sidebar_2.*
@tuleap/project-sidebar_2.1.0
@tuleap/project-sidebar_2.2.0
@tuleap/project-sidebar_2.2.1
@tuleap/project-sidebar_2.2.3
@tuleap/project-sidebar_2.2.4
@tuleap/project-sidebar_2.3.0
@tuleap/project-sidebar_2.4.0
@tuleap/project-sidebar_2.5.0
@tuleap/project-sidebar_2.6.0
@tuleap/project-sidebar_2.6.1