Key vulnerability information

Vulnerability ID: #42251
Submitted by: Thomas Gerbet (tgerbet)
Submitted on: 2025-03-21 11:00
Last modified: 2025-03-31 10:17
Status: Closed
Closed on: 2025-03-24

Vulnerability summary

Title: Improper permission handling in the REST endpoints and release notes display of the FRS plugin
Impact: An attacker can access release notes content or information via the FRS REST endpoints it should not have access to.
CVSS v3.1 score: 5.3 (AV:N/AC:L/PR:N/UI:NS/S:U/C:L/I:N/A:N)

Exploitation

URL: https://tuleap.example.com/frs/release//release-notes
Issue: Permissions are not verified at all.

References

CVE: CVE-2025-30209
Category: Delivery/File release system

Related commits

Git Commit:
- Fix request #42251 Improper permission handling in the REST endpoints and release notes display of the FRS plugin
- Merge commit 'refs/changes/83/33883/3' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD

Tracking history

Public disclosure: by Thomas Gerbet (tgerbet), 10 hours ago.
CVE assignment: CVE-2025-30209 was assigned to this issue.
Fix commit: rel #41092