VYPR
Unrated severity · NVD Advisory · Published Oct 15, 2021 · Updated Aug 4, 2024

The update of the CI job targeted by a widget is vulnerable to blind SQL injections

CVE-2021-41148

Description

Tuleap Open ALM is a libre and open source tool for end-to-end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one of the CI widgets to their personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.

Affected products

  • Enalean/Tuleap (2 versions)
    • (no CPE) range: <11.16.99.173 (Community), <11.16-6 (Enterprise), <11.15-8 (Enterprise)
    • (no CPE) range: <11.16.99.173
