tuleap — Vulnerabilities & Security Advisories 62

All 62 CVE vulnerabilities found in tuleap, with AI-generated Chinese analysis, references, and POCs.

Vendor: Enalean

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-47766 | Permissions are incorrectly verified for project administrators in the cross tracker search widget | CWE-280 | 4.9 | Medium | 2024-10-14 |
| CVE-2024-46988 | Tuleap does not properly check permissions for email notifications in trackers | CWE-280 | 4.8 | Medium | 2024-10-14 |
| CVE-2024-46980 | Tuleap vulnerable to XSS in the HTML mail content of the cross reference field | CWE-79 | 4.8 | Medium | 2024-10-14 |
| CVE-2024-39902 | Tuleap's recursive permissions to document manager folder are not properly applied | CWE-281 | 4.8 | Medium | 2024-07-22 |
| CVE-2024-37167 | Tuleap has improper permissions of the backlog items | CWE-285 | 4.3 | Medium | 2024-06-25 |
| CVE-2024-30246 | Tuleap deleting or moving an artifact can delete values from unrelated artifacts | CWE-440 | 7.6 | High | 2024-03-29 |
| CVE-2024-25130 | Tuleap's mass update clears the permissions on artifact field | CWE-200 | 5.4 | Medium | 2024-02-22 |
| CVE-2024-23344 | Tuleap's content of artifacts might be readable by unauthorized users | CWE-200 | 5.3 | Medium | 2024-02-06 |
| CVE-2023-48715 | Tuleap vulnerable to Cross-site Scripting on the edition page of a release | CWE-79 | 5.4 | Medium | 2023-12-11 |
| CVE-2023-39521 | Tuleap vulnerable to Cross-site Scripting on the success message of a kanban deletion | CWE-79 | 4.8 | Medium | 2023-08-24 |
| CVE-2023-38508 | Tuleap allows preview of a linked artifact with a type does not respect permissions | CWE-285 | 6.5 | Medium | 2023-08-24 |
| CVE-2023-35929 | Tuleap Cross-site Scripting vulnerability in the card field of the agile dashboard apps | CWE-79 | 5.4 | Medium | 2023-07-25 |
| CVE-2023-35938 | User access not updated with privilege change in Tuleap | CWE-281 | 4.1 | Medium | 2023-06-29 |
| CVE-2023-32072 | Tuleap vulnerable to XSS via the triggered job URL of a Jenkins job | CWE-79 | 4.8 | Medium | 2023-05-29 |
| CVE-2023-30619 | XSS in the tooltip via an artifact title | CWE-79 | 5.4 | Medium | 2023-05-04 |
| CVE-2023-23938 | Cross-site Scripting (XSS) through the name of a color of select box values in tuleap | CWE-79 | 5.9 | Medium | 2023-04-20 |
| CVE-2022-23473 | Tuleap MediaWiki standalone "readers" can also edit pages | CWE-863 | 4.3 | Medium | 2022-12-13 |
| CVE-2022-46160 | Tuleap dashboards vulnerable to Incorrect Authorization | CWE-863 | 4.3 | Medium | 2022-12-13 |
| CVE-2022-39233 | Tuleap subject to Missing Authorization allowing for branch prefix modification | CWE-862 | 4.3 | Medium | 2022-10-19 |
| CVE-2022-31128 | Fine grained permissions are not checked in Tuleap | CWE-862 | 5.4 | Medium | 2022-08-01 |
| CVE-2022-31058 | SQL injection via the field name of a tracker in Tuleap | CWE-89 | 7.2 | High | 2022-06-29 |
| CVE-2022-31063 | Cross site scripting via the title of a document in Tuleap | CWE-79 | 6.5 | Medium | 2022-06-29 |
| CVE-2022-31032 | Resources of private projects can be exposed in Tuleap | CWE-200 | 4.3 | Medium | 2022-06-29 |
| CVE-2022-24896 | Tracker report renderer and chart widgets leak information in Tuleap | CWE-862 | 4.3 | Medium | 2022-06-06 |
| CVE-2021-43806 | SQL injection in Tuleap | CWE-89 | 8.8 | High | 2021-12-15 |
| CVE-2021-41276 | Indirect LDAP injection in Tuleap | CWE-74 | 6.7 | Medium | 2021-12-15 |
| CVE-2021-43782 | Indirect LDAP injection in Tuleap | CWE-90 | 6.7 | Medium | 2021-12-15 |
| CVE-2021-41154 | SQL injection in the "SVN core" commits browser | CWE-89 | 8.8 | High | 2021-10-18 |
| CVE-2021-41155 | SQL injection in CVS revisions browser | CWE-89 | 8.8 | High | 2021-10-18 |
| CVE-2021-41148 | The update of the CI job targeted by a widget is vulnerable to blind SQL injections | CWE-89 | 8.8 | High | 2021-10-15 |
