Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The update of the CI job targeted by a widget is vulnerable to blind SQL injections
Vulnerability Description
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Enalean Tuleap Open Alm SQL注入漏洞
Vulnerability Description
Enalean Tuleap Open Alm是法国Enalean公司的一个自由的开源工具。用于应用程序和系统开发的端到端可追溯性。 Enalean Tuleap Open ALM 的Community Edition 11.16.99.173版本和Enterprise Edition 11.16-6和11.15-8之前版本存在SQL注入漏洞,攻击者可利用该漏洞执行任意SQL查询。Tuleap Community Edition 11.16.99.173、Tuleap Enterprise Edition
CVSS Information
N/A
Vulnerability Type
N/A