CVE-2023-48715
published 2023-12-11

Priority: P4 27 | medium | 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.52% (40.1th percentile)

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of a release is not properly escaped on the edition page of that release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue.

Affected

4 ranges
Vendor    Product   Version range        Fixed in
enalean   tuleap    < 15.1-8             15.1-8
enalean   tuleap    < 15.2.99.103        15.2.99.103
enalean   tuleap
enalean   tuleap    >= 15.2 < 15.2-4     15.2-4