Content of artifacts might be readable by unauthorized users

Moderate

LeSuisse published GHSA-m3v5-2j5q-x85w

Feb 6, 2024

Package

Tuleap Community Edition (tuleap)

Affected versions

>= 15.2.99.49 && < 15.4.99.140

Patched versions

15.4.99.140

Tuleap Enterprise Edition (tuleap)

< 15.4-5

< 15.3-5

15.4-5

15.3-5

Description

Impact

Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications).

Patches

The following versions contain the fix:

Tuleap Community Edition 15.4.99.140
Tuleap Enterprise Edition 15.3-5
Tuleap Enterprise Edition 15.4-5

For more information

If you have any questions or comments about this advisory, reach out to us via the contact information provided on the Tuleap.org security page.

References

Severity

Moderate

5.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N