Tuleap Redis Password Exposure Vulnerability

Vulnerability

A vulnerability exists in Tuleap's system data collection process: the password of the Redis instance is not stripped from the troubleshooting archives it generates. These archives are meant to be handed to support teams, who should not hold that credential, so anyone who receives an archive obtains a working password for the Redis instance backing that Tuleap deployment. The issue affects Tuleap Community Edition versions prior to 16.4.99.1740492866 and Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11.

Impact

The vulnerability leads to unintended disclosure of the Redis password to anyone who handles the debug archives, typically support teams. Archives already generated on an affected version still contain the password; upgrading only changes how new archives are produced.

Remediation

Users should upgrade to Tuleap Community Edition 16.4.99.1740492866 or Tuleap Enterprise Edition 16.4-6 or 16.3-11 to address this vulnerability. Operators who have already produced or shared troubleshooting archives on an affected version should treat the Redis password as exposed: rotate it, and scrub or delete the archives before they are passed on.
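The following is an added example, not code from Tuleap or from this advisory: a small Python scanner that checks a troubleshooting archive for a known secret before it is sent to support, and writes a redacted copy. It assumes the archive is a tar.gz of text files and that the operator supplies the secret values to look for (for instance the value of $redis_password taken from the host's Redis configuration file). The sample archive it builds, including the file path etc/tuleap/conf/redis.inc and its contents, is constructed for the demonstration.

```python
"""Scan a support/debug archive for plaintext secrets and produce a redacted copy.

Added example (not Tuleap code). Assumptions: the archive is a tar.gz of text
files; the secrets to search for are supplied by the operator, e.g. the Redis
password read from the configuration of the host being debugged.
"""
import io
import re
import tarfile

REDACTED = b"[REDACTED]"


def _members(archive_bytes):
    """Yield (name, data) for every regular file in a tar.gz held in memory."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for info in tar.getmembers():
            if info.isfile():
                yield info.name, tar.extractfile(info).read()


def _write_archive(files):
    """Build a tar.gz in memory from a {name: bytes} mapping."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return out.getvalue()


def _patterns(secrets):
    # re.escape so that punctuation in a password is matched literally.
    return [re.compile(re.escape(s.encode())) for s in secrets if s]


def find_secret_leaks(archive_bytes, secrets):
    """Return [(member_name, line_no)] for every line containing one of `secrets`."""
    patterns = _patterns(secrets)
    leaks = []
    for name, data in _members(archive_bytes):
        for line_no, line in enumerate(data.splitlines(), start=1):
            if any(p.search(line) for p in patterns):
                leaks.append((name, line_no))
    return leaks


def redact_archive(archive_bytes, secrets):
    """Return a new tar.gz in which every occurrence of the secrets is replaced."""
    patterns = _patterns(secrets)
    cleaned = {}
    for name, data in _members(archive_bytes):
        for p in patterns:
            data = p.sub(REDACTED, data)
        cleaned[name] = data
    return _write_archive(cleaned)


def build_sample_archive(password):
    """Constructed sample imitating a debug bundle that copied the Redis config verbatim.

    The path and the PHP-style settings are assumptions for the demo, not a
    statement about what the real Tuleap collector includes.
    """
    redis_conf = (
        "<?php\n"
        "$redis_server = '127.0.0.1';\n"
        "$redis_port = 6379;\n"
        f"$redis_password = '{password}';\n"
    )
    backend_log = "2025-06-09 19:46:00 INFO system data collection started\n"
    return _write_archive({
        "etc/tuleap/conf/redis.inc": redis_conf.encode(),
        "var/log/tuleap/backend_log": backend_log.encode(),
    })


if __name__ == "__main__":
    secret = "s3cr3t-example-pw"          # constructed value for the demo
    archive = build_sample_archive(secret)
    print("leaks before redaction:", find_secret_leaks(archive, [secret]))
    clean = redact_archive(archive, [secret])
    print("leaks after redaction: ", find_secret_leaks(clean, [secret]))
```

Run the scanner against every archive before it leaves the host, with all credentials the deployment uses (not only the Redis password) in the secret list; an empty result is the precondition for sharing the bundle, and a non-empty one means the credential should be rotated as well as redacted.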

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          3.1
impact          2.5
exploitability  7.0
remediation     7.7
relevance       0.0
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.