How severe is CVE-2025-24029?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-24029?

This is classified as CWE-280, which is a common weakness in software security.

CVE-2025-24029 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2020-10072

MEDIUM

CVSS:5.3(Medium)

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more inf...

CWE-2802020

CVE-2020-26195

MEDIUM

CVSS:5.3(Medium)

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take ad...

CWE-2802020

CVE-2021-37175

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501...

CWE-2802021

CVE-2022-30716

MEDIUM

CVSS:5.3(Medium)

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

CWE-2802022

CVE-2023-39249

MEDIUM

CVSS:5.3(Medium)

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportA...

CWE-2802023

CVE-2023-6189

MEDIUM

CVSS:5.3(Medium)

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.

CWE-2802023