CVE-2023-35929
published 2023-07-25CVE-2023-35929: Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition…
PriorityP428medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.40%
31.6th percentile
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enalean | tuleap | < 14.9-5 | 14.9-5 |
| enalean | tuleap | < 14.10.99.4 | 14.10.99.4 |
| enalean | tuleap | — | — |
| enalean | tuleap | — | — |
| enalean | tuleap | — | — |
| enalean | tuleap | >= 14.10 < 14.10-2 | 14.10-2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Enalean/tuleap/commit/0b2945fbd260d37aa0aff2ca1c867d160f76188dhttps://github.com/Enalean/tuleap/security/advisories/GHSA-xhjp-4rjf-q268https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0b2945fbd260d37aa0aff2ca1c867d160f76188dhttps://tuleap.net/plugins/tracker/?aid=32629https://github.com/Enalean/tuleap/commit/0b2945fbd260d37aa0aff2ca1c867d160f76188dhttps://github.com/Enalean/tuleap/security/advisories/GHSA-xhjp-4rjf-q268https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0b2945fbd260d37aa0aff2ca1c867d160f76188dhttps://tuleap.net/plugins/tracker/?aid=32629
2023-07-25
Published