Key vulnerability information

Title: User enumeration via the lost password form

Publisher and date: LeSuisse published GHSA-xqf3-xxxf-x3c2 yesterday

Affected versions:
- Tuleap Community Edition (tuleap): < 16.9.99.1750843170
- Tuleap Enterprise Edition (tuleap):
  - < 16.9-2
  - < 16.8-4

Fixed versions:
- Tuleap Community Edition: 16.9.99.1750843170
- Tuleap Enterprise Edition:
  - 16.9-2
  - 16.8-4

Severity: Moderate (5.3 / 10)

CVSS v3 base metrics:
- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- User interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None

CVE ID: CVE-2025-52899

Weakness: CWE-204

Description and impact: The forgot password form allows for user enumeration.

Patches:
- Tuleap Community Edition 16.9.99.1750843170
- Tuleap Enterprise Edition 16.9-2
- Tuleap Enterprise Edition 16.8-4

References:
- request #43674 User enumeration via the lost password form
- 5c72d6d https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074dddb07