Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2tkm-7rhf-wqe5
Summary Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.
Aliases
0
alias CVE-2025-52899
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52899
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57984
published_at 2026-06-11T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.58101
published_at 2026-06-14T12:55:00Z
2
value 0.00352
scoring_system epss
scoring_elements 0.58113
published_at 2026-06-13T12:55:00Z
3
value 0.00352
scoring_system epss
scoring_elements 0.58097
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52899
1
reference_url https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07
reference_id 5c72d6d253016d38ed472eb7918f772d074ddb07
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-29T19:34:14Z/
url https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07
2
reference_url https://tuleap.net/plugins/tracker/?aid=43674
reference_id ?aid=43674
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-29T19:34:14Z/
url https://tuleap.net/plugins/tracker/?aid=43674
3
reference_url https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2
reference_id GHSA-xqf3-xxxf-x3c2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-29T19:34:14Z/
url https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2
4
reference_url https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07
reference_id stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-29T19:34:14Z/
url https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07
Weaknesses
0
cwe_id 204
name Observable Response Discrepancy
description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Exploits
Severity_range_score 5.3 - 5.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tkm-7rhf-wqe5