Thomas Gerbet (tgerbet) 2022-10-17 14:49

> Thanks for your kind response. I was thinking to use tuleap for my project but, as per your statement exposing all user information is this application's behaviour it's a violation of CIA triad properties.

Note that you can make instance private if you want. See the documentation: https://docs.tuleap.org/administration-guide/users-management/security/site-access.html#site-configuration

> I was casually browsing the project features, it was not a security test.

The real name you had set does not tell the same story but okay.

Satyam Patel (satyam_patel) 2022-10-17 13:35

Dear @thomas.gerbet@enalean.com,

Thanks for your kind response. I was thinking to use tuleap for my project but, as per your statement exposing all user information is this application's behaviour it's a violation of CIA triad properties. I will not use this product in my project.

Anyway, if your production is exposing users' confidential information, please consider proper authorisation to comply with CIA triad.

I was casually browsing the project features, it was not a security test.

Thanks and regards!
Satyam Patel
Security Researcher@synackz

Thomas Gerbet (tgerbet) 2022-10-17 09:26

Hello,

Same as request #29223 this is an expected behavior. Also, please do not search for security issues on a production instance you do not want. Our guidelines on how to report security issues are available here: https://www.tuleap.org/security

Status changed from New to Declined
Close date set to 2022-10-17