First published: Mon Jun 06 2022(Updated: )
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | <13.6-5 | |
Enalean Tuleap | <13.7.99.239 | |
Enalean Tuleap | >=13.7-1<13.7-4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-24896 is a vulnerability in Tuleap, a free and open-source suite for managing software development and collaboration. It allows malicious users to retrieve sensitive information.
CVE-2022-24896 has a severity rating of 4.3, which is considered medium.
CVE-2022-24896 affects Tuleap versions prior to 13.7.99.239. It allows unauthorized users to view content in tracker report renderer and chart widgets.
Malicious users can exploit CVE-2022-24896 to retrieve sensitive information by exploiting the vulnerability in Tuleap.
Yes, a fix for CVE-2022-24896 is available in Tuleap version 13.7.99.239 and later.