CVE-2024-47766

Source
https://cve.org/CVERecord?id=CVE-2024-47766
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47766.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47766
Aliases
  • GHSA-qfrh-fv84-93hx
Published
2024-10-14T17:53:55.763Z
Modified
2026-04-10T05:17:40.496966Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Permissions are incorrectly verified for project administrators in the cross tracker search widget
Details

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Database specific
{
    "cwe_ids": [
        "CWE-280"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47766.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/enalean/tuleap

Affected ranges

Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47766.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "15.12-8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "15.13.99.110"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "15.13-0"
            },
            {
                "fixed": "15.13-5"
            }
        ]
    }
]