{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T17:40:54.615","vulnerabilities":[{"cve":{"id":"CVE-2025-24029","sourceIdentifier":"security-advisories@github.com","published":"2025-02-03T22:15:28.320","lastModified":"2025-08-22T15:59:15.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Tuleap es una suite de código abierto que mejora la gestión de los desarrollos de software y la colaboración. Los usuarios (posiblemente anónimos si el widget se utiliza en el panel de control de un proyecto público) podrían obtener acceso a artefactos que no deberían ver. Este problema se ha solucionado en Tuleap Community Edition 16.3.99.1737562605, así como en Tuleap Enterprise Edition 16.3-5 y Tuleap Enterprise Edition 16.2-7. Se recomienda a los usuarios que actualicen la versión. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"16.2-7","matchCriteriaId":"7C94363E-3A6A-431B-B09E-82607147B52D"},{"vulnerable":true,"criteria":"cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*","versionEndExcluding":"16.3.99.1737562605","matchCriteriaId":"B0A6CE6F-83BA-4D5C-B686-A30701402260"},{"vulnerable":true,"criteria":"cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"16.3","versionEndExcluding":"16.3-5","matchCriteriaId":"ACECC850-13ED-4516-BC1F-01FB9153332B"}]}]}],"references":[{"url":"https:\/\/github.com\/Enalean\/tuleap\/security\/advisories\/GHSA-hq46-63pc-xfv9","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https:\/\/tuleap.net\/plugins\/git\/tuleap\/tuleap\/stable?a=commit&h=269cbaa73bac6d1c50674c48c9987263f2b38804","source":"security-advisories@github.com","tags":["Permissions Required"]},{"url":"https:\/\/tuleap.net\/plugins\/git\/tuleap\/tuleap\/stable?a=commit&h=a97480f951351c0f8f2f3f27f7daa3f7f9c37c75","source":"security-advisories@github.com","tags":["Permissions Required"]},{"url":"https:\/\/tuleap.net\/plugins\/tracker\/?aid=41476","source":"security-advisories@github.com","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}}]}