cvedb.io
CVE-2022-24896
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2022-06-09T06:15:07.053 · Last modified 2026-06-17T04:32:45.233

Summary

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.

Affected products

enalean — tuleap

Does this affect you?

Add your gear to cvedb and we'll alert you only when enalean ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.