Home > Vulnerability Database > CVE-2023-35938

Mend.io Vulnerability Database

CVE-2023-35938

Good to know:

Date: June 29, 2023

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.

Language: PHP

Severity Score

7.2

Related Resources (6)

Url: https://github.com/Enalean/tuleap/security/advisories/GHSA-rq42-cv6q-3m9q

Url: https://github.com/Enalean/tuleap/commit/a108186e7538676c4bf6e615f793f3b787a09b91

Url: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a108186e7538676c4bf6e615f793f3b787a09b91

Url: https://tuleap.net/plugins/tracker/?aid=32278

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-35938

Url: https://www.mend.io/vulnerability-database/CVE-2023-35938

Severity Score

7.2

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

Top Fix

Upgrade Version

Upgrade to version 14.10,@tuleap/project-sidebar_2.2.1

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-35938

Good to know:

Date: June 29, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?