Upstream information
Description
Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
| CVSS detail | CNA (GitHub) | National Vulnerability Database |
|---|---|---|
| Base Score | 2.6 | 3.5 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
| Attack Vector | Network | Network |
| Attack Complexity | High | Low |
| Privileges Required | Low | Low |
| User Interaction | Required | Required |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | Low | Low |
| Integrity Impact | None | None |
| Availability Impact | None | None |
| CVSSv3 Version | 3.1 | 3.1 |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15733 |
SUSE Timeline for this CVE
CVE page created: Fri Nov 7 00:05:03 2025CVE page last modified: Fri Dec 5 12:38:03 2025