cbcvebase.
CVE-2023-35929
published 2023-07-25

CVE-2023-35929: Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition…

PriorityP428medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.40%
31.6th percentile
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix.

Affected

6 ranges
VendorProductVersion rangeFixed in
enaleantuleap< 14.9-514.9-5
enaleantuleap< 14.10.99.414.10.99.4
enaleantuleap
enaleantuleap
enaleantuleap
enaleantuleap>= 14.10 < 14.10-214.10-2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.