Vendor CVEs
Enalean
All CVEs
71 total · sorted by risk

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7538 | | Critical | 0.67 | 9.8 | 0.04 | | Mar 12, 2018 | A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. |
| CVE-2017-7411 | | High | 0.66 | 8.8 | 0.67 | | Oct 30, 2017 | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API… |
| CVE-2018-17298 | | Critical | 0.64 | 9.8 | 0.02 | | Sep 21, 2018 | An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. |
| CVE-2017-7981 | | High | 0.61 | 8.8 | 0.16 | | Apr 29, 2017 | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap… |
| CVE-2018-7634 | | High | 0.57 | 8.8 | 0.01 | | Mar 1, 2018 | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the… |
| CVE-2025-64482 | | Medium | 0.30 | 4.6 | 0.00 | | Nov 12, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery… |
| CVE-2025-64117 | | Medium | 0.30 | 4.6 | 0.00 | | Nov 12, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in… |
| CVE-2025-59040 | | Medium | 0.21 | 4.3 | 0.00 | | Sep 18, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap… |
| CVE-2014-8791 | | | 0.04 | — | 0.15 | | Dec 2, 2014 | project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. |
| CVE-2014-7178 | | | 0.03 | — | 0.05 | | Nov 28, 2014 | Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. |
| CVE-2014-7176 | | | 0.03 | — | 0.02 | | Nov 4, 2014 | SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. |
| CVE-2014-7177 | | | 0.03 | — | 0.03 | | Oct 31, 2014 | XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted XML document in a create action to plugins/tracker/. |
| CVE-2026-24007 | | | 0.00 | — | 0.00 | | Feb 2, 2026 | Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links… |
| CVE-2025-65962 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are missing CSRF protections in its tracker field… |
| CVE-2025-64760 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to… |
| CVE-2025-64499 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Edition versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through… |
| CVE-2025-64498 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker… |
| CVE-2025-64497 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in… |
| CVE-2025-54877 | | | 0.00 | — | 0.00 | | Aug 29, 2025 | Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access to the… |
| CVE-2025-53902 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential… |
| CVE-2025-53541 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain… |
| CVE-2025-52899 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user… |
| CVE-2025-50179 | | | 0.00 | — | 0.00 | | Jun 25, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1… |
| CVE-2025-48991 | | | 0.00 | — | 0.00 | | Jun 25, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to… |
| CVE-2025-30155 | | | 0.00 | — | 0.00 | | Mar 31, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition… |
| CVE-2025-30209 | | | 0.00 | — | 0.00 | | Mar 31, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition… |
| CVE-2025-30203 | | | 0.00 | — | 0.00 | | Mar 31, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this… |
| CVE-2025-29929 | | | 0.00 | — | 0.00 | | Mar 31, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up… |
| CVE-2025-29766 | | | 0.00 | — | 0.00 | | Mar 31, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing… |
| CVE-2025-27402 | | | 0.00 | — | 0.00 | | Mar 4, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields.… |
| CVE-2025-27401 | | | 0.00 | — | 0.00 | | Mar 4, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle… |
| CVE-2025-27156 | | | 0.00 | — | 0.00 | | Mar 4, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in… |
| CVE-2025-27150 | | | 0.00 | — | 0.00 | | Mar 4, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should… |
| CVE-2025-27099 | | | 0.00 | — | 0.00 | | Mar 3, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other… |
| CVE-2025-27094 | | | 0.00 | — | 0.00 | | Mar 3, 2025 | Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field,… |
| CVE-2025-22129 | | | 0.00 | — | 0.00 | | Feb 3, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise… |
| CVE-2025-24029 | | | 0.00 | — | 0.00 | | Feb 3, 2025 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap… |
| CVE-2024-52599 | | | 0.00 | — | 0.00 | | Dec 9, 2024 | Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in… |
| CVE-2024-47767 | | | 0.00 | — | 0.00 | | Oct 14, 2024 | Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap… |
| CVE-2024-47766 | | | 0.00 | — | 0.01 | | Oct 14, 2024 | Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with… |
| CVE-2024-46988 | | | 0.00 | — | 0.00 | | Oct 14, 2024 | Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not… |
| CVE-2024-46980 | | | 0.00 | — | 0.00 | | Oct 14, 2024 | Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward… |
| CVE-2024-39902 | | | 0.00 | — | 0.00 | | Jul 22, 2024 | Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document… |
| CVE-2024-37167 | | | 0.00 | — | 0.00 | | Jun 25, 2024 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97. |
| CVE-2024-30246 | | | 0.00 | — | 0.01 | | Mar 29, 2024 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control… |
| CVE-2024-25130 | | | 0.00 | — | 0.01 | | Feb 22, 2024 | Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass… |
| CVE-2024-23344 | | | 0.00 | — | 0.01 | | Feb 6, 2024 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version… |
| CVE-2023-48715 | | | 0.00 | — | 0.01 | | Dec 11, 2023 | Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on… |
| CVE-2023-39521 | | | 0.00 | — | 0.00 | | Aug 24, 2023 | Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the… |
| CVE-2023-38508 | | | 0.00 | — | 0.01 | | Aug 24, 2023 | Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not… |
Page 1 of 2