Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enalean tuleap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-35929
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" ...
Enalean Tuleap
4
CVSSv2
CVE-2022-24896
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions before 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulne...
Enalean Tuleap
NA
CVE-2023-48715
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the...
Enalean Tuleap
NA
CVE-2022-46160
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions before 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a pro...
Enalean Tuleap
NA
CVE-2022-31128
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can c...
Enalean Tuleap
NA
CVE-2023-35938
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access rig...
Enalean Tuleap
6.5
CVSSv2
CVE-2017-7411
An issue exists in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and t...
Enalean Tuleap
1 EDB exploit
6.5
CVSSv2
CVE-2014-7176
SQL injection vulnerability in Enalean Tuleap prior to 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
Enalean Tuleap
2 EDB exploits
4
CVSSv2
CVE-2014-7177
XML External Entity vulnerability in Enalean Tuleap 7.2 and previous versions allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
Enalean Tuleap
1 EDB exploit
5
CVSSv2
CVE-2018-17298
An issue exists in Enalean Tuleap prior to 10.5. Reset password links are not invalidated after a user changes its password.
Enalean Tuleap
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »