CVE-2023-32072
Published 2023-05-29
Priority P421, medium, 4.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.47% (37.4th percentile)
Tuleap is an open source tool for end-to-end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise Edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can set up a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enalean | tuleap | < 14.7-7 | 14.7-7 |
| enalean | tuleap | < 14.8.99.60 | 14.8.99.60 |
| enalean | tuleap | — | — |
| enalean | tuleap | — | — |
| enalean | tuleap | — | — |
| enalean | tuleap | >= 14.8 < 14.8-3 | 14.8-3 |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Enalean/tuleap/commit/6840529def97f564844e810e5a7c5bf837cf58d5
https://github.com/Enalean/tuleap/security/advisories/GHSA-6prc-j58r-fmjq
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=6840529def97f564844e810e5a7c5bf837cf58d5
https://tuleap.net/plugins/tracker/?aid=31929