Vendor CVEs
Enalean
All CVEs
71 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-35929 | | | 0.00 | — | 0.00 | | Jul 25, 2023 | Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible… |
| CVE-2023-35938 | | | 0.00 | — | 0.01 | | Jun 29, 2023 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right.… |
| CVE-2023-32072 | | | 0.00 | — | 0.00 | | May 29, 2023 | Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A… |
| CVE-2023-30619 | | | 0.00 | — | 0.00 | | May 4, 2023 | Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force… |
| CVE-2023-23938 | | | 0.00 | — | 0.00 | | Apr 20, 2023 | Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker… |
| CVE-2022-23473 | | | 0.00 | — | 0.00 | | Dec 13, 2022 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also… |
| CVE-2022-46160 | | | 0.00 | — | 0.01 | | Dec 13, 2022 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project… |
| CVE-2022-39233 | | | 0.00 | — | 0.01 | | Oct 19, 2022 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration.… |
| CVE-2022-31128 | | | 0.00 | — | 0.01 | | Aug 1, 2022 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can… |
| CVE-2022-31058 | | | 0.00 | — | 0.01 | | Jun 29, 2022 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the… |
| CVE-2022-31063 | | | 0.00 | — | 0.01 | | Jun 29, 2022 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked… |
| CVE-2022-31032 | | | 0.00 | — | 0.01 | | Jun 29, 2022 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to… |
| CVE-2022-24896 | | | 0.00 | — | 0.01 | | Jun 6, 2022 | Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this… |
| CVE-2021-43806 | | | 0.00 | — | 0.02 | | Dec 15, 2021 | Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated… |
| CVE-2021-41276 | | | 0.00 | — | 0.01 | | Dec 15, 2021 | Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could… |
| CVE-2021-43782 | | | 0.00 | — | 0.01 | | Dec 15, 2021 | Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id… |
| CVE-2021-41154 | | | 0.00 | — | 0.01 | | Oct 18, 2021 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community… |
| CVE-2021-41155 | | | 0.00 | — | 0.01 | | Oct 18, 2021 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following… |
| CVE-2021-41148 | | | 0.00 | — | 0.01 | | Oct 15, 2021 | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to… |
| CVE-2021-41147 | | | 0.00 | — | 0.02 | | Oct 15, 2021 | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard… |
| CVE-2021-41142 | | | 0.00 | — | 0.01 | | Oct 14, 2021 | Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the… |
Page 2 of 2