How severe is CVE-2024-47766?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-47766?

This is classified as CWE-280, which is a common weakness in software security.

CVE-2024-47766 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Related Vulnerabilities

CVE-2020-10072

MEDIUM

CVSS:5.3(Medium)

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more inf...

CWE-2802020

CVE-2020-26195

MEDIUM

CVSS:5.3(Medium)

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take ad...

CWE-2802020

CVE-2021-37175

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501...

CWE-2802021

CVE-2022-30716

MEDIUM

CVSS:5.3(Medium)

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

CWE-2802022

CVE-2023-39249

MEDIUM

CVSS:5.3(Medium)

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportA...

CWE-2802023

CVE-2023-6189

MEDIUM

CVSS:5.3(Medium)

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.

CWE-2802023