Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tracker report renderer and chart widgets leak information in Tuleap
Vulnerability Description
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Tuleap 安全漏洞
Vulnerability Description
Tuleap是开源的一个应用程序生命周期管理系统,可促进敏捷软件开发,设计项目,V模型,需求管理和IT服务管理。 Tuleap 13.7.99.239之前版本存在安全漏洞,该漏洞源于 Tuleap 在显示跟踪器报告渲染器和图表小部件的内容时无法正确验证授权。攻击者利用该漏洞检索他们无法访问的跟踪器的名称以及报告中使用的字段名称。
CVSS Information
N/A
Vulnerability Type
N/A