CVE-2024-46988 Information

Nov 01, 2024 cve

Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40 Tuleap Enterprise Edition 15.13-3 and Tuleap Enterprise Edition 15.12-6 users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40 Tuleap Enterprise Edition 15.13-3 and Tuleap Enterprise Edition 15.12-6 fix this issue.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Reference

https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xw https://tuleap.net/plugins/tracker/?aid=39686

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.7

Share on: