What is CVE-2023-38508?

CVE-2023-38508 is a medium-severity vulnerability in Enalean Tuleap, classified under Improper Authorization. CVSS score: 6.5/10. Published 2023-08-24.

How severe is CVE-2023-38508?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2023-38508 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Enalean Tuleap

CVE-2023-38508

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of a…

EPSS: 0.002 (40.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Enalean Tuleap — versions Tuleap Community Edition < 14.11.99.28, Tuleap Enterprise Edition < 14.10-6, Tuleap Enterprise Edition >= 14.11, < 14.11-3

Weakness classification (CWE)

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

https://github.com/Enalean/tuleap/security/advisories/GHSA-h637-g4xp-2992 (x_refsource_CONFIRM)
https://github.com/Enalean/tuleap/commit/307c1c8044522a2dcc711062b18a3b3f9059a6c3 (x_refsource_MISC)
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=307c1c8044522a2dcc711062b18a3b3f9059a6c3 (x_refsource_MISC)
https://tuleap.net/plugins/tracker/?aid=33608 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-38508?: CVE-2023-38508 is a medium-severity vulnerability in Enalean Tuleap, classified under Improper Authorization. CVSS score: 6.5/10. Published 2023-08-24.
How severe is CVE-2023-38508?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2023-38508 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.