Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enalean tuleap vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-17298
An issue exists in Enalean Tuleap prior to 10.5. Reset password links are not invalidated after a user changes its password.
Enalean Tuleap
4.3
CVSSv3
CVE-2022-24896
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions before 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulne...
Enalean Tuleap
7.2
CVSSv3
CVE-2021-43782
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribu...
Enalean Tuleap
8.8
CVSSv3
CVE-2021-43806
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated ma...
Enalean Tuleap
4.3
CVSSv3
CVE-2022-23473
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions before 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edi...
Enalean Tuleap
8.8
CVSSv3
CVE-2021-41154
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Co...
Enalean Tuleap
NA
CVE-2014-7178
Enalean Tuleap prior to 7.5.99.6 allows remote malicious users to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
Enalean Tuleap
1 EDB exploit
7.2
CVSSv3
CVE-2022-31058
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions before 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the ca...
Enalean Tuleap
5.4
CVSSv3
CVE-2022-31063
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions before 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked doc...
Enalean Tuleap
5.4
CVSSv3
CVE-2021-41142
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition before 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capabi...
Enalean Tuleap
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »