tuleap — Vulnerabilities & Security Advisories 62

All 62 CVE vulnerabilities found in tuleap, with AI-generated Chinese analysis, references, and POCs.

Vendor: Enalean

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24007 | Tuleap is missing CSRF protection in the Overview inconsistent items | CWE-352 | 4.6 | Medium | 2026-02-02 |
| CVE-2025-65962 | Tuleap has missing CSRF protections in its tracker field dependencies | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64760 | Tuleap has missing CSRF protections in its tracker trigger management system | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64499 | Tuleap is missing CSRF protections for its planning management API | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64498 | Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64497 | Tuleap exposes releases for all projects to File Release System project administrators | CWE-639 | 6.5 | Medium | 2025-12-08 |
| CVE-2025-64482 | Tuleap missing CSRF protections in the File Release System | CWE-352 | 4.6 | Medium | 2025-11-12 |
| CVE-2025-64117 | Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags | CWE-352 | 4.6 | Medium | 2025-11-12 |
| CVE-2025-59040 | Tuleap backlog item representations do not verify the permissions of the child trackers | CWE-280 | 4.3 | Medium | 2025-09-18 |
| CVE-2025-54877 | Tuleap's special and always there fields permissions are not verified in cross-tracker search | CWE-863 | 5.3 | Medium | 2025-08-29 |
| CVE-2025-53902 | Tuleap exposes artifacts to a mentioned user via email notifications | CWE-863 | 4.3 | Medium | 2025-07-29 |
| CVE-2025-53541 | Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact | CWE-79 | 5.4 | Medium | 2025-07-29 |
| CVE-2025-52899 | Tuleap vulnerable to user enumeration via the lost password form | CWE-204 | 5.3 | Medium | 2025-07-29 |
| CVE-2025-50179 | Tuleap missing CSRF protection on tracker reports manipulation | CWE-352 | 4.6 | Medium | 2025-06-25 |
| CVE-2025-48991 | Tuleap missing CSRF protection on tracker canned responses administration | CWE-352 | 4.6 | Medium | 2025-06-25 |
| CVE-2025-30155 | Tuleap does not enforce read permissions on parent trackers in the REST API | CWE-863 | 4.3 | Medium | 2025-03-31 |
| CVE-2025-30209 | Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin | CWE-863 | 5.3 | Medium | 2025-03-31 |
| CVE-2025-30203 | Tuleap allows XSS via the content of RSS feeds in the RSS widgets | CWE-84 | 4.8 | Medium | 2025-03-31 |
| CVE-2025-29929 | Tuleap is missing CSRF protection on tracker hierarchy administration | CWE-352 | 4.6 | Medium | 2025-03-31 |
| CVE-2025-29766 | Tuleap has missing CSRF protections on artifact submission & edition from the tracker view | CWE-352 | 4.6 | Medium | 2025-03-31 |
| CVE-2025-27402 | Tuleap is missing CSRF protections on tracker fields administrative operations | CWE-352 | 4.6 | Medium | 2025-03-04 |
| CVE-2025-27401 | In Tuleap, deleting a report can delete criteria filters in other reports | CWE-440 | 4.6 | Medium | 2025-03-04 |
| CVE-2025-27156 | Tuleap allows content injection via emails sent by the mass emailing features | CWE-79 | 4.1 | Medium | 2025-03-04 |
| CVE-2025-27150 | Tuleap dumps the Redis password into the generated troubleshooting archives | CWE-538 | 5.3 | Medium | 2025-03-04 |
| CVE-2025-27099 | Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message | CWE-80 | 4.8 | Medium | 2025-03-03 |
| CVE-2025-27094 | Tuleap allows default values to be cleared from field configuration | CWE-440 | 5.4 | Medium | 2025-03-03 |
| CVE-2025-22129 | Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap | CWE-280 | 4.3 | Medium | 2025-02-03 |
| CVE-2025-24029 | Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap | CWE-280 | 5.3 | Medium | 2025-02-03 |
| CVE-2024-52599 | Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin | CWE-79 | 5.4 | Medium | 2024-12-09 |
| CVE-2024-47767 | Tuleap lists trackers in the quick add actions of the backlog without any permissions check | CWE-280 | 4.3 | Medium | 2024-10-14 |