How severe is CVE-2024-39902?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-39902?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2024-39902 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document manager permissions modal is not taken into account and always considered as unchecked. In situations where the permissions are being restricted some users might still keep, incorrectly, the possibility to edit or manage items. Only change made via the web UI are affected, changes directly made via the REST API are not impacted. This vulnerability is fixed in Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8.

Related Vulnerabilities

CVE-2017-5033

MEDIUM

CVSS:4.3(Medium)

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote atta...

CWE-2812017

CVE-2019-14956

MEDIUM

CVSS:4.3(Medium)

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.

CWE-2812019

CVE-2020-13230

MEDIUM

CVSS:4.3(Medium)

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

CWE-2812020

CVE-2021-23963

MEDIUM

CVSS:4.3(Medium)

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This ...

CWE-2812021

CVE-2022-2787

MEDIUM

CVSS:4.3(Medium)

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

CWE-2812022

CVE-2022-41708

MEDIUM

CVSS:4.3(Medium)

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application do...

CWE-2812022