关键漏洞信息 漏洞标题 Special and always there fields permissions are not verified in cross-tracker search 严重性 CVSS v3 base metrics: 5.3 / 10 (Moderate) CVE ID: CVE-2025-54877 Weaknesses: CWE-863 影响 描述: 攻击者可以访问特殊和始终存在的字段权限未验证的可访问工件的内容,即使与底层字段关联的权限不允许这样做。 受影响版本 Tuleap Community Edition: < 16.10.99.1754050155 Tuleap Enterprise Edition: - < 16.10-5 - < 16.9-8 修复版本 Tuleap Community Edition: 16.10.99.1754050155 Tuleap Enterprise Edition: - 16.10-5 - 16.9-8 更多信息 如果有任何问题或评论,请通过Tuleap.org安全页面提供的联系信息联系我们。 参考链接 request #44068 Special and always there fields permissions are not verified in cross-tracker search b0c1328 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b0c1328f96135ee6a3f84d0847be5f843eafa590