Tuleap File Release System Unauthorized Access Vulnerability

Vulnerability

A vulnerability exists in Tuleap Community Edition versions prior to 17.0.99.1762431347 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7, and 16.12-10. It allows a user who is a File Release System (FRS) administrator in one project to read file release information belonging to other projects in which they hold no such permission.

Impact

Exploitation of this vulnerability could lead to unauthorized access to file release information in restricted projects.

Reproduction

To reproduce this vulnerability, an account that is a project or FRS administrator in one project requests, through the WebDAV interface, a package in a second project where it holds no rights. The WebDAV interface returns the release information for that package regardless of the requester's permissions on the target project. After upgrading, the same request from the same account should no longer return release information for the target project; if it still does, the instance is not fixed.
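The following is an added helper for triaging this advisory; it is not Tuleap's code and not part of the original page. It decides whether a CE or EE version string falls in the affected range stated above, builds the WebDAV PROPFIND request that a cross-project release listing would use, and parses the multistatus reply so a tester can see whether release entries came back for a project the account should not see. The /plugins/webdav/<project>/<package>/ path layout and the sample reply are assumptions constructed for the example, not captured from a real instance.

```python
"""Triage helper for the Tuleap FRS/WebDAV advisory (added example)."""
import re
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# Fixed versions as named in the advisory text.
CE_FIXED = "17.0.99.1762431347"
EE_FIXED = {"17.0": 2, "16.13": 7, "16.12": 10}

DAV = "{DAV:}"


def _ce_key(version: str) -> Tuple[int, ...]:
    # CE versions are dot-separated integers, e.g. 17.0.99.1762431347.
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"not a CE version: {version!r}")
    return tuple(int(p) for p in version.split("."))


def _ee_key(version: str) -> Tuple[str, int]:
    # EE versions are <branch>-<build>, e.g. 16.13-7.
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)", version)
    if not m:
        raise ValueError(f"not an EE version: {version!r}")
    return m.group(1), int(m.group(2))


def is_affected(edition: str, version: str) -> Optional[bool]:
    """True if the version is below the fix the advisory names.

    Returns None for an EE branch the advisory does not list: it gives no fix
    for such a branch, so the result is unknown rather than safe (assumption).
    """
    if edition == "CE":
        return _ce_key(version) < _ce_key(CE_FIXED)
    if edition == "EE":
        branch, build = _ee_key(version)
        fixed = EE_FIXED.get(branch)
        return None if fixed is None else build < fixed
    raise ValueError(f"unknown edition: {edition!r}")


def propfind_request(depth: int = 1) -> Tuple[Dict[str, str], str]:
    """Headers and body for a PROPFIND that lists one level of a collection."""
    body = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<D:propfind xmlns:D="DAV:"><D:prop>'
        "<D:displayname/><D:resourcetype/><D:getcontentlength/>"
        "</D:prop></D:propfind>"
    )
    headers = {"Depth": str(depth), "Content-Type": 'application/xml; charset="utf-8"'}
    return headers, body


def parse_multistatus(xml_text: str, collection_href: str) -> List[str]:
    """Return the hrefs of child entries in a 207 Multi-Status reply.

    The collection itself is excluded. Any child entry returned for a project
    the account is not a member of is evidence the instance is still affected.
    """
    root = ET.fromstring(xml_text)
    hrefs = []
    for resp in root.iter(DAV + "response"):
        href = resp.findtext(DAV + "href", default="").strip()
        if href and href.rstrip("/") != collection_href.rstrip("/"):
            hrefs.append(href)
    return hrefs


def probe(base_url: str, path: str, auth_header: str) -> Optional[List[str]]:
    """Send the PROPFIND over the network (not exercised offline).

    Returns the child hrefs on a 207 reply, or None if the server refused the
    request with an HTTP error, which is the expected result on a fixed instance.
    """
    headers, body = propfind_request()
    headers["Authorization"] = auth_header
    req = urllib.request.Request(base_url + path, data=body.encode(),
                                 headers=headers, method="PROPFIND")
    try:
        with urllib.request.urlopen(req) as resp:
            return parse_multistatus(resp.read().decode(), path)
    except urllib.error.HTTPError:
        return None


# Constructed sample reply for a package in a project the account is not a
# member of; the path layout is an assumption, not Tuleap documentation.
SAMPLE_COLLECTION = "/plugins/webdav/other-project/my-package/"
SAMPLE_MULTISTATUS = """<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:response><D:href>/plugins/webdav/other-project/my-package/</D:href>
    <D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype></D:prop>
      <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
  <D:response><D:href>/plugins/webdav/other-project/my-package/1.0/</D:href>
    <D:propstat><D:prop><D:displayname>1.0</D:displayname></D:prop>
      <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
</D:multistatus>
"""

if __name__ == "__main__":
    print("CE 17.0.99.1762431346 affected:", is_affected("CE", "17.0.99.1762431346"))
    print("leaked releases:", parse_multistatus(SAMPLE_MULTISTATUS, SAMPLE_COLLECTION))
```

Run the version check against the output of your instance's version banner before scheduling an upgrade, and use probe() only with an account you control that is an FRS administrator in one project and not a member of the target project, so that a non-empty listing is unambiguous evidence of the flaw.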

Remediation

Upgrade to Tuleap Community Edition 17.0.99.1762431347 or later, or to Tuleap Enterprise Edition 17.0-2, 16.13-7, or 16.12-10 or later on the corresponding branch.

Added: Dec 8, 2025, 11:21 PM
Updated: Dec 8, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm
spread          1.9
impact          2.5
exploitability  6.6
remediation     7.7
relevance       1.3
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.