CVE-2024-52599
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Enalean | tuleap | < 16.1.99.50 | affected |
| Enalean | tuleap | < 16.1-4 | affected |
| Enalean | tuleap | < 16.0-7 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7
- https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5
- https://tuleap.net/plugins/tracker/?aid=40459
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.