Enalean
Products (3)
- 71 CVEs
- 4 CVEs
- 4 CVEs
Recent CVEs (71)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7538 | | Cri | 0.67 | 9.8 | 0.04 | | Mar 12, 2018 | A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. |
| CVE-2017-7411 | | Hig | 0.66 | 8.8 | 0.67 | | Oct 30, 2017 | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API… |
| CVE-2018-17298 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 21, 2018 | An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. |
| CVE-2017-7981 | | Hig | 0.61 | 8.8 | 0.16 | | Apr 29, 2017 | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap… |
| CVE-2018-7634 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 1, 2018 | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the… |
| CVE-2025-64482 | | Med | 0.30 | 4.6 | 0.00 | | Nov 12, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery… |
| CVE-2025-64117 | | Med | 0.30 | 4.6 | 0.00 | | Nov 12, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in… |
| CVE-2025-59040 | | Med | 0.21 | 4.3 | 0.00 | | Sep 18, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap… |
| CVE-2014-8791 | | | 0.04 | — | 0.15 | | Dec 2, 2014 | project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. |
| CVE-2014-7178 | | | 0.03 | — | 0.05 | | Nov 28, 2014 | Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. |
| CVE-2014-7176 | | | 0.03 | — | 0.02 | | Nov 4, 2014 | SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. |
| CVE-2014-7177 | | | 0.03 | — | 0.03 | | Oct 31, 2014 | XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. |
| CVE-2026-24007 | | | 0.00 | — | 0.00 | | Feb 2, 2026 | Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links… |
| CVE-2025-65962 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are missing CSRF protections in its tracker field… |
| CVE-2025-64760 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to… |
| CVE-2025-64499 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Edition versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through… |
| CVE-2025-64498 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker… |
| CVE-2025-64497 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in… |
| CVE-2025-54877 | | | 0.00 | — | 0.00 | | Aug 29, 2025 | Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access the… |
| CVE-2025-53902 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential… |