What is CVE-2023-35938?

CVE-2023-35938 is a vulnerability in Tuleap, a Free & Open Source Suite for software development and collaboration.

What is the severity of CVE-2023-35938?

CVE-2023-35938 has a severity level of 7.2 (high).

How does CVE-2023-35938 affect Tuleap?

CVE-2023-35938 affects Tuleap versions up to 14.9.99.63 in the community edition and up to 14.10-1 in the enterprise edition.

How can I fix CVE-2023-35938?

To fix CVE-2023-35938, update your Tuleap installation to version 14.9.99.64 or higher for the community edition and to version 14.10-2 or higher for the enterprise edition.

Where can I find more information about CVE-2023-35938?

You can find more information about CVE-2023-35938 in the GitHub commit and security advisory links provided: [Commit](https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91), [Security Advisory](https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q).

Vulnerability/
CVE-2023-35938

high

7.2

CWE

281

29/6/2023

10/7/2023

CVE-2023-35938

First published: Thu Jun 29 2023(Updated: )

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Enalean Tuleap	<14.9.99.63
Enalean Tuleap	<14.10-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-35938?
CVE-2023-35938 is a vulnerability in Tuleap, a Free & Open Source Suite for software development and collaboration.
What is the severity of CVE-2023-35938?
CVE-2023-35938 has a severity level of 7.2 (high).
How does CVE-2023-35938 affect Tuleap?
CVE-2023-35938 affects Tuleap versions up to 14.9.99.63 in the community edition and up to 14.10-1 in the enterprise edition.
How can I fix CVE-2023-35938?
To fix CVE-2023-35938, update your Tuleap installation to version 14.9.99.64 or higher for the community edition and to version 14.10-2 or higher for the enterprise edition.
Where can I find more information about CVE-2023-35938?
You can find more information about CVE-2023-35938 in the GitHub commit and security advisory links provided: [Commit](https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91), [Security Advisory](https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.