Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tuleap deleting or moving an artifact can delete values from unrelated artifacts
Vulnerability Description
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
预期行为违背
Vulnerability Title
Tuleap 安全漏洞
Vulnerability Description
Tuleap是开源的一个应用程序生命周期管理系统,可促进敏捷软件开发,设计项目,V模型,需求管理和IT服务管理。 Tuleap Community Edition 15.7.99.6 之前版本、Tuleap Enterprise Edition 15.7-2、15.6-5、15.5-6、15.4-8、15.3-6、15.2-5、15.1-9、15.0-9、14.12-6之前版本存在安全漏洞,该漏洞源于允许攻击者删除实例上的信息,可能获得对受限项目的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A