•  
      request #35862 Content of artifacts might be readable by unauthorized users
    Infos
    #35862
    Nicolas Terray (nterray)
    2024-02-06 14:30
    2024-01-19 17:20
    37437
    Details
    Content of artifacts might be readable by unauthorized users

    Impact

    Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications).
    CVSSv3.1 score: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

    References

    Introduced in Tuleap 15.2.99.49 (git #tuleap/stable/795b1bf0cf53b8ef0c73aaa43e38cf4146af2737)
    CWE 200
    OWASP Top 10 Broken Access Control
    CVE-2024-23344

    Trackers
    15.3
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Nicolas Terray (nterray)
    Closed
    2024-01-22
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2024-01-23 09:19

    CVE-2024-23344 has been assigned to this issue.


    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Connected artifacts
    User avatar
    Thomas Gerbet (tgerbet)2024-01-22 15:39
    • Summary
      -Artifact userCanView not properly cached 
      +Content of artifacts might be readable by unauthorized users 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes