| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-27402 | Tuleap is missing CSRF protections on tracker fields administrative operations | Enalean | tuleap | Medium | 4.6 | 2025-03-04 17:00:49 | Deep Dive |
| CVE-2025-27401 | In Tuleap, deleting a report can delete criteria filters in other reports | Enalean | tuleap | Medium | 4.6 | 2025-03-04 16:58:18 | Deep Dive |
| CVE-2025-27156 | Tuleap allows content injection via emails sent by the mass emailing features | Enalean | tuleap | Medium | 4.1 | 2025-03-04 16:53:50 | Deep Dive |
| CVE-2025-27150 | Tuleap dumps the Redis password into the generated troubleshooting archives | Enalean | tuleap | Medium | 5.3 | 2025-03-04 16:48:43 | Deep Dive |
| CVE-2025-27099 | Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message | Enalean | tuleap | Medium | 4.8 | 2025-03-03 15:54:33 | Deep Dive |
| CVE-2025-27094 | Tuleap allows default values to be cleared from field configuration | Enalean | tuleap | Medium | 5.4 | 2025-03-03 15:51:02 | Deep Dive |
| CVE-2025-22129 | Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap | Enalean | tuleap | Medium | 4.3 | 2025-02-03 21:28:55 | Deep Dive |
| CVE-2025-24029 | Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap | Enalean | tuleap | Medium | 5.3 | 2025-02-03 21:26:39 | Deep Dive |
| CVE-2024-52599 | Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin | Enalean | tuleap | Medium | 5.4 | 2024-12-09 18:41:35 | Deep Dive |
| CVE-2024-47767 | Tuleap lists trackers in the quick add actions of the backlog without any permissions check | Enalean | tuleap | Medium | 4.3 | 2024-10-14 17:57:12 | Deep Dive |
| CVE-2024-47766 | Permissions are incorrectly verified for project administrators in the cross tracker search widget | Enalean | tuleap | Medium | 4.9 | 2024-10-14 17:53:56 | Deep Dive |
| CVE-2024-46988 | Tuleap does not properly check permissions for email notifications in trackers | Enalean | tuleap | Medium | 4.8 | 2024-10-14 17:44:53 | Deep Dive |
| CVE-2024-46980 | Tuleap vulnerable to XSS in the HTML mail content of the cross reference field | Enalean | tuleap | Medium | 4.8 | 2024-10-14 17:41:59 | Deep Dive |
| CVE-2024-39902 | Tuleap's recursive permissions to document manager folder are not properly applied | Enalean | tuleap | Medium | 4.8 | 2024-07-22 14:10:12 | Deep Dive |
| CVE-2024-37167 | Tuleap has improper permissions of the backlog items | Enalean | tuleap | Medium | 4.3 | 2024-06-25 19:28:33 | Deep Dive |
| CVE-2024-30246 | Tuleap deleting or moving an artifact can delete values from unrelated artifacts | Enalean | tuleap | High | 7.6 | 2024-03-29 15:50:20 | Deep Dive |
| CVE-2024-25130 | Tuleap's mass update clears the permissions on artifact field | Enalean | tuleap | Medium | 5.4 | 2024-02-22 18:29:10 | Deep Dive |
| CVE-2024-23344 | Tuleap's content of artifacts might be readable by unauthorized users | Enalean | tuleap | Medium | 5.3 | 2024-02-06 15:58:20 | Deep Dive |
| CVE-2023-48715 | Tuleap vulnerable to Cross-site Scripting on the edition page of a release | Enalean | tuleap | Medium | 5.4 | 2023-12-11 18:40:11 | Deep Dive |
| CVE-2023-39521 | Tuleap vulnerable to Cross-site Scripting on the success message of a kanban deletion | Enalean | tuleap | Medium | 4.8 | 2023-08-24 22:40:02 | Deep Dive |