CVE-2025-30155

Published: Mar 31, 2025Modified: Aug 21, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Affected (3)

Products: Enalean: Tuleap

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Enalean Tuleap	Before 16.5.99.1742392651
Enalean Tuleap	Before 16.4-8
Enalean Tuleap	From 16.5 to 16.5-5

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://github.com/Enalean/tuleap/commit/0921df3a1c1aa20fc359b373f001a77c43b1b726

Source: security-advisories@github.com

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-6hr4-h6px-7ppg

Source: security-advisories@github.com

Third Party Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0921df3a1c1aa20fc359b373f001a77c43b1b726

Source: security-advisories@github.com

Broken Link

https://tuleap.net/plugins/tracker/?aid=42237

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.