CVE-2025-30209

Published: Mar 31, 2025Modified: Aug 21, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10.

Affected (3)

Products: Enalean: Tuleap

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Enalean Tuleap	Before 16.5.99.1742812323
Enalean Tuleap	Before 16.4-10
Enalean Tuleap	From 16.5 to 16.5-6

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://github.com/Enalean/tuleap/commit/34af2d5d10b0349967129f53427f495815e5bbcc

Source: security-advisories@github.com

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-hcp5-pmpm-mgwh

Source: security-advisories@github.com

Third Party Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=34af2d5d10b0349967129f53427f495815e5bbcc

Source: security-advisories@github.com

Broken Link

https://tuleap.net/plugins/tracker/?aid=42251

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.