CVE-2022-24896
Summary
| CVE | CVE-2022-24896 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-09 06:15:00 UTC |
| Updated | 2022-06-15 17:42:00 UTC |
| Description | Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239, Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access, as well as the names of the fields used in reports. |
Risk And Classification
Problem Types: CWE-862
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Tracker report renderer and chart widgets leak information user - request #26729 - Requests - Tuleap | MISC | tuleap.net | |
| request #26729 Tracker report renderer and chart widgets leak informa… · Enalean/tuleap@8e99e7c · GitHub | MISC | github.com | |
| Git - Tuleap | MISC | tuleap.net | |
| Tracker report renderer and chart widgets leak information user cannot access · Advisory · Enalean/tuleap · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.