Is CVE-2023-35938 actively exploited?

CVE-2023-35938 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-35938?

CVE-2023-35938 has a CVSS score of 4.1 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L.

How do I patch CVE-2023-35938?

Patch guidance is available from enalean security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-35938.

Which products are affected by CVE-2023-35938?

2 products: enalean tuleap, enalean tuleap.

CVE-2023-35938 - remediation guidance & executive summary

Description

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector: network
Complexity: high
Privileges: high
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
Weaknesses: CWE-281

Metadata

Primary Vendor: ENALEAN
Published: 6/29/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

enalean : tuleapenalean : tuleap

Remediation Guidance

Executive Summary

Cite this page

CVE-2023-35938. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2023-35938

View on NIST NVD

CVE-2023-35938 vulnerability