Tuleap Cross-Tracker Permission Vulnerability in Special Fields

Vulnerability

A vulnerability exists in Tuleap Community Edition versions prior to 16.10.99.1754050155 and Tuleap Enterprise Edition versions prior to 16.9-8 and 16.10-5. This vulnerability allows attackers to access the content of special fields in accessible artifacts, regardless of the permissions associated with those fields. The issue arises because cross-tracker searches do not properly verify field permissions.

Impact

Exploitation of this vulnerability allows unauthorized access to special fields in artifacts, bypassing established permission controls.

Remediation

Users can upgrade to Tuleap Community Edition 16.10.99.1754050155 or Tuleap Enterprise Edition 16.10-5 or 16.9-8 to address this vulnerability.
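
A version check for the affected ranges stated above, added here as an example (it is not code from Tuleap or from this advisory). It assumes Enterprise versions are written `<major>.<minor>-<patch>` and Community versions as dotted integers, as they appear on this page, and that Enterprise branches newer than 16.10 already include the fix; the function names and sample inventory are constructed.

```python
import re

# First fixed releases, as stated in the advisory.
CE_FIXED = (16, 10, 99, 1754050155)
EE_FIXED = {(16, 9): 8, (16, 10): 5}  # branch -> first fixed patch level


def is_affected(version: str) -> bool:
    """Return True if this Tuleap version predates the field-permission fix."""
    version = version.strip()
    # Enterprise Edition, e.g. "16.9-8". Each branch has its own fixed patch
    # level, so a plain comparison against 16.9-8 would wrongly clear 16.10-2.
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)", version)
    if m:
        major, minor, patch = map(int, m.groups())
        branch = (major, minor)
        if branch in EE_FIXED:
            return patch < EE_FIXED[branch]
        # Assumption: branches older than 16.9 never received the fix,
        # branches newer than 16.10 shipped with it.
        return branch < min(EE_FIXED)
    # Community Edition, e.g. "16.10.99.1754050155": compare numerically.
    if re.fullmatch(r"\d+(\.\d+)+", version):
        return tuple(int(p) for p in version.split(".")) < CE_FIXED
    raise ValueError(f"unrecognised Tuleap version string: {version!r}")


def affected_hosts(inventory: dict[str, str]) -> list[str]:
    """Return the sorted host names whose Tuleap version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "ce-dev": "16.9.99.1750000000",
    "ce-prod": "16.10.99.1754050155",
    "ee-a": "16.9-7",
    "ee-b": "16.10-5",
    "ee-c": "16.10-2",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required ({SAMPLE_INVENTORY[host]})")
```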

Added: Aug 29, 2025, 4:28 PM
Updated: Aug 29, 2025, 4:28 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 2.5
exploitability: 8.1
remediation: 7.7
relevance: 0.4
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.