VYPR

Tuleap

by Enalean

CVEs (71)

  • CVE-2025-53541 | Jul 29, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain…

  • CVE-2025-52899 | Jul 29, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user…

  • CVE-2025-50179 | Jun 25, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1…

  • CVE-2025-48991 | Jun 25, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to…

  • CVE-2025-30155 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition…

  • CVE-2025-30209 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition…

  • CVE-2025-30203 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this…

  • CVE-2025-29929 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up…

  • CVE-2025-29766 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission and editing from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing…

  • CVE-2025-27402 | Mar 4, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields.…

  • CVE-2025-27401 | Mar 4, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle…

  • CVE-2025-27156 | Mar 4, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in…

  • CVE-2025-27150 | Mar 4, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should…

  • CVE-2025-27099 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other…

  • CVE-2025-27094 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field,…

  • CVE-2025-22129 | Feb 3, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise…

  • CVE-2025-24029 | Feb 3, 2025
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap…

  • CVE-2024-52599 | Dec 9, 2024
    risk 0.00 | cvss | epss 0.00

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in…

  • CVE-2024-47767 | Oct 14, 2024
    risk 0.00 | cvss | epss 0.00

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap…

  • CVE-2024-47766 | Oct 14, 2024
    risk 0.00 | cvss | epss 0.01

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with…