Tuleap Enterprise Edition
Monthly
Insecure direct object reference (IDOR) in Dassault Systèmes Tuleap Enterprise Edition 17.0 through 17.5 lets attackers read other users' data by manipulating a user-controlled key/identifier, breaking horizontal authorization boundaries. The CVSS 3.1 vector (AV:N/PR:N) scores it as remotely reachable with high confidentiality impact but no integrity or availability effect. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Insecure direct object reference (IDOR) in Dassault Systèmes Tuleap Enterprise Edition 17.0 through 17.5 lets attackers read other users' data by manipulating a user-controlled key/identifier, breaking horizontal authorization boundaries. The CVSS 3.1 vector (AV:N/PR:N) scores it as remotely reachable with high confidentiality impact but no integrity or availability effect. No public exploit identified at time of analysis, and it is not listed in CISA KEV.