关键漏洞信息 漏洞标题 Missing CSRF protection on tracker hierarchy administration 严重性 Moderate CVSS v3 base metrics: 4.6/10 - Attack vector: Network - Attack complexity: Low - Privileges required: Low - User interaction: Required - Scope: Unchanged - Confidentiality: None - Integrity: Low - Availability: Low 影响 An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. 受影响版本 Tuleap Community Edition (tuleap) - Affected versions: < 16.5.99.1742306712 - Patched versions: 16.5.99.1742306712 Tuleap Enterprise Edition (tuleap) - Affected versions: < 16.5-5, < 16.4-8 - Patched versions: 16.5-5, 16.4-8 补丁 Tuleap Community Edition 16.5.99.1742306712 Tuleap Enterprise Edition 16.5-5 Tuleap Enterprise Edition 16.4-8 CVE ID CVE-2025-29929 弱点 CWE-352 参考链接 request #42231 Missing CSRF protection on tracker hierarchy administration dce6174 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dce6174f3a169da1f6b585ad5e6e0847fa3c950