关键漏洞信息 漏洞标题: Special and always there fields permissions are not verified 漏洞ID: #44068 提交者: Thomas Gerbet (tgerbet) 提交日期: 2025-07-29 17:26 最后修改日期: 2025-08-19 14:58 状态: Closed 关闭日期: 2025-08-01 影响 描述: An attacker can access to the content of the special and always there fields of accessible artifacts even if the permissions associated with the underlying fields do not allow it. CVSSv3.1评分: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) 参考 CVE编号: CVE-2025-54877 解决方案 Git Commit: - Fix request #44068 Special and always there fields permissions are not verified (commit hash: b0c1328f6) - Merge commit, refs/changes/25/25125/5 of salt/gerrit.tuleap.net:29418/tuleap into HEAD (commit hash: 1094653bf2) 跟踪记录 公开披露: Joris MASSON (jmsson) - 10 days ago CVE分配: CVE-2025-54877 has been assigned to this issue. - Thomas Gerbet (tgerbet) - 23 days ago 修复确认: request fixed by @cdeschamps with git #tuleap/stable/00c1328f96135ee6a3fb4d0047be5f943eafa590. - Tracker Workflow Manager (forge_tracker_workflow_manager) - 28 days ago