Tuleap

by Enalean

CVEs (71)

  • CVE-2024-46988 | Oct 14, 2024
    risk 0.00 | cvss | epss 0.00

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not…

  • CVE-2024-46980 | Oct 14, 2024
    risk 0.00 | cvss | epss 0.00

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward…

  • CVE-2024-39902 | Jul 22, 2024
    risk 0.00 | cvss | epss 0.00

    Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document…

  • CVE-2024-37167 | Jun 25, 2024
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.

  • CVE-2024-30246 | Mar 29, 2024
    risk 0.00 | cvss | epss 0.01

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control…

  • CVE-2024-25130 | Feb 22, 2024
    risk 0.00 | cvss | epss 0.01

    Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass…

  • CVE-2024-23344 | Feb 6, 2024
    risk 0.00 | cvss | epss 0.01

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version…

  • CVE-2023-48715 | Dec 11, 2023
    risk 0.00 | cvss | epss 0.01

    Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the names of the releases are not properly escaped on…

  • CVE-2023-39521 | Aug 24, 2023
    risk 0.00 | cvss | epss 0.00

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the…

  • CVE-2023-38508 | Aug 24, 2023
    risk 0.00 | cvss | epss 0.01

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not…

  • CVE-2023-35929 | Jul 25, 2023
    risk 0.00 | cvss | epss 0.00

    Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible…

  • CVE-2023-35938 | Jun 29, 2023
    risk 0.00 | cvss | epss 0.00

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right.…

  • CVE-2023-32072 | May 29, 2023
    risk 0.00 | cvss | epss 0.00

    Tuleap is an open source tool for end-to-end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise Edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A…

  • CVE-2023-30619 | May 4, 2023
    risk 0.00 | cvss | epss 0.00

    Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force…

  • CVE-2023-23938 | Apr 20, 2023
    risk 0.00 | cvss | epss 0.00

    Tuleap is a Free & Open Source tool for end-to-end traceability of application and system developments. Affected versions are subject to a cross-site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker…

  • CVE-2022-23473 | Dec 13, 2022
    risk 0.00 | cvss | epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read-only permissions for pages are able to also…

  • CVE-2022-46160 | Dec 13, 2022
    risk 0.00 | cvss | epss 0.01

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project…

  • CVE-2022-39233 | Oct 19, 2022
    risk 0.00 | cvss | epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration.…

  • CVE-2022-31128 | Aug 1, 2022
    risk 0.00 | cvss | epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can…

  • CVE-2022-31058 | Jun 29, 2022
    risk 0.00 | cvss | epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95, Tuleap does not properly sanitize user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the…