| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-38508 | Tuleap allows preview of a linked artifact with a type does not respect permissions | Enalean | tuleap | Medium | 6.5 | 2023-08-24 22:33:36 | Deep Dive |
| CVE-2023-40343 | Jenkins Plugin Tuleap Authentication security vulnerability | Jenkins Project | Jenkins Tuleap Authentication Plugin | Medium | - | 2023-08-16 14:32:54 | Deep Dive |
| CVE-2023-35929 | Tuleap Cross-site Scripting vulnerability in the card field of the agile dashboard apps | Enalean | tuleap | Medium | 5.4 | 2023-07-25 17:30:22 | Deep Dive |
| CVE-2023-35938 | User access not updated with privilege change in Tuleap | Enalean | tuleap | Medium | 4.1 | 2023-06-29 19:33:59 | Deep Dive |
| CVE-2023-32072 | Tuleap vulnerable to XSS via the triggered job URL of a Jenkins job | Enalean | tuleap | Medium | 4.8 | 2023-05-29 20:00:43 | Deep Dive |
| CVE-2023-30619 | XSS in the tooltip via an artifact title | Enalean | tuleap | Medium | 5.4 | 2023-05-04 13:35:35 | Deep Dive |
| CVE-2023-23938 | Cross-site Scripting (XSS) through the name of a color of select box values in tuleap | Enalean | tuleap | Medium | 5.9 | 2023-04-20 16:58:12 | Deep Dive |
| CVE-2022-23473 | Tuleap MediaWiki standalone "readers" can also edit pages | Enalean | tuleap | Medium | 4.3 | 2022-12-13 06:46:17 | Deep Dive |
| CVE-2022-46160 | Tuleap dashboards vulnerable to Incorrect Authorization | Enalean | tuleap | Medium | 4.3 | 2022-12-13 06:40:05 | Deep Dive |
| CVE-2022-43421 | Jenkins Tuleap Git Branch Source Plugin security vulnerability | Jenkins project | Jenkins Tuleap Git Branch Source Plugin | Medium | - | 2022-10-19 00:00:00 | Deep Dive |
| CVE-2022-39233 | Tuleap subject to Missing Authorization allowing for branch prefix modification | Enalean | tuleap | Medium | 4.3 | 2022-10-19 00:00:00 | Deep Dive |
| CVE-2022-31128 | Fine grained permissions are not checked in Tuleap | Enalean | tuleap | Medium | 5.4 | 2022-08-01 16:20:13 | Deep Dive |
| CVE-2022-31058 | SQL injection via the field name of a tracker in Tuleap | Enalean | tuleap | High | 7.2 | 2022-06-29 17:55:24 | Deep Dive |
| CVE-2022-31063 | Cross site scripting via the title of a document in Tuleap | Enalean | tuleap | Medium | 6.5 | 2022-06-29 17:55:12 | Deep Dive |
| CVE-2022-31032 | Resources of private projects can be exposed in Tuleap | Enalean | tuleap | Medium | 4.3 | 2022-06-29 17:45:18 | Deep Dive |
| CVE-2022-24896 | Tracker report renderer and chart widgets leak information in Tuleap | Enalean | tuleap | Medium | 4.3 | 2022-06-06 19:30:15 | Deep Dive |
| CVE-2021-43806 | SQL injection in Tuleap | Enalean | tuleap | High | 8.8 | 2021-12-15 19:45:13 | Deep Dive |
| CVE-2021-41276 | Indirect LDAP injection in Tuleap | Enalean | tuleap | Medium | 6.7 | 2021-12-15 19:30:22 | Deep Dive |
| CVE-2021-43782 | Indirect LDAP injection in Tuleap | Enalean | tuleap | Medium | 6.7 | 2021-12-15 19:30:14 | Deep Dive |
| CVE-2021-41154 | SQL injection in the "SVN core" commits browser | Enalean | tuleap | High | 8.8 | 2021-10-18 21:10:27 | Deep Dive |