Key vulnerability information
Vulnerability ID: #44489
Submitted by: Marion Caby (mdv)
Submitted on: 2025-09-06 10:58
Last modified on: 2025-09-09 09:09
Status: Closed
Closed on: 2025-09-09

Vulnerability details
Summary: Backlog item representations do not verify the permissions of the child trackers.
Impact: Users might see tracker names they should not have access to.
CVSS v3.1 score: 4.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]
Exploitation: Have a user that cannot access a tracker and have this tracker in children trackers of a backlog item. The quick add children action should not show the trackers not accessible to the users.
References: CWE-280, CVE-2025-59610

Classification and platform
Category: Agile Dashboard
Reported in version: All
Platform: Empty

Related links
Git Commit: TULEAP/TULEAP-STABLE fix request #44489: Backlog item representations do not verify the permissions of the child trackers.

Follow-up
Confirmation: The issue has been confirmed as a security issue.
Fix: Fix is being reviewed here: gitit #55523.