Enalean Tuleap vulnerabilities
71 known vulnerabilities affecting enalean/tuleap.
Total CVEs: 71
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 55
Vulnerabilities
Page 2 of 4
CVE-2018-7634 | P3 | HIGH | CVSS 8.8 | CWE-352 | v9.17 | 2018-03-01
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
nvd
CVE-2024-23344 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 15.3.5 | ≥ 15.2.99.49, < 15.4.99.140 | +1 more | 2024-02-06
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.
nvd
CVE-2025-27150 | P3 | MEDIUM | CVSS 6.5 | CWE-538 | fixed in 16.3-11 | fixed in 16.4.99.1740492866 | +1 more | 2025-03-04
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to this password. The vulnerability is fixed in Tuleap
nvd
CVE-2025-54877 | P4 | MEDIUM | CVSS 5.3 | CWE-863 | fixed in 16.9-8 | fixed in 16.10.99.1754050155 | +4 more | 2025-08-29
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access the content of the special and always there fields of accessible artifacts even i
nvd
CVE-2024-46988 | P4 | MEDIUM | CVSS 5.7 | CWE-280 | fixed in 15.12-6 | fixed in 15.13.99.40 | +2 more | 2024-10-14
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise E
nvd
CVE-2025-53541 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 16.8-5 | fixed in 16.9.99.1751892857 | +4 more | 2025-07-29
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could insert malicious code when displaying the children of a pare
nvd
CVE-2025-52899 | P4 | MEDIUM | CVSS 5.3 | CWE-204 | fixed in 16.8-4 | fixed in 16.9.99.1750843170 | +4 more | 2025-07-29
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170
nvd
CVE-2022-39233 | P4 | MEDIUM | CVSS 5.4 | CWE-862 | ≥ 12.9.99.228, < 14.0.99.24 | ≥ 12.10, < 13.12-6 | +2 more | 2022-10-19
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab reposi
nvd
CVE-2022-31128 | P4 | MEDIUM | CVSS 5.4 | CWE-862 | ≥ 13.9.9.110, < 13.10.99.82 | ≥ 13.10, < 13.10-3 | +1 more | 2022-08-01
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of
nvd
CVE-2025-27094 | P4 | MEDIUM | CVSS 5.4 | CWE-440 | fixed in 16.3-9 | fixed in 16.4.99.1739877910 | +1 more | 2025-03-03
Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute for the multiselectbox field, the default value, numbe
nvd
CVE-2023-35929 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 14.9-5 | fixed in 14.10.99.4 | +4 more | 2023-07-25
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user wit
nvd
CVE-2024-52599 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 16.0-7 | fixed in 16.1.99.50 | +2 more | 2024-12-09
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled
nvd
CVE-2025-64499 | P4 | MEDIUM | CVSS 5.4 | CWE-352 | fixed in 16.12-10 | fixed in 17.0.99.1762456922 | +6 more | 2025-12-08
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Edition versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plan
nvd
CVE-2025-30209 | P4 | MEDIUM | CVSS 5.3 | CWE-863 | fixed in 16.4-10 | fixed in 16.5.99.1742812323 | +1 more | 2025-03-31
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10.
nvd
CVE-2025-24029 | P4 | MEDIUM | CVSS 5.3 | CWE-280 | fixed in 16.2-7 | fixed in 16.3.99.1737562605 | +1 more | 2025-02-03
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Editio
nvd
CVE-2023-48715 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 15.1-8 | fixed in 15.2.99.103 | +2 more | 2023-12-11
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create
nvd
CVE-2025-27156 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 16.3-11 | fixed in 16.4.99.1740567344 | +1 more | 2025-03-04
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients' mail clients. This vulnerability is fixed in Tuleap Communi
nvd
CVE-2023-30619 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 14.7.99.76, < 14.7.99.143 | v >= 14.7.99.76, < 14.7.99.143 | 2023-05-04
Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute uncontrolled code. This issue has been patched in version
nvd
CVE-2024-47766 | P4 | MEDIUM | CVSS 4.9 | CWE-280 | fixed in 15.12-8 | fixed in 15.13.99.110 | +2 more | 2024-10-14
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via th
nvd
CVE-2021-41142 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 11.17.99.146 | fixed in 12.11-2 | +2 more | 2021-10-14
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachment to an artifact could force a victim
nvd