cvebase

Enalean Tuleap vulnerabilities

71 known vulnerabilities affecting enalean/tuleap.

Total CVEs: 71
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 55

Vulnerabilities

Page 3 of 4
CVE-2022-31063 | P4 | MEDIUM | CVSS 5.4 | fixed in 13.9.99.111 | ≥ 13.8.0, < 13.8.6 | +1 more | 2022-06-29
CVE-2022-31063 [MEDIUM] CWE-79: Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could fo
nvd
CVE-2025-59040 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.11.99.1757427600 | 2025-09-18
CVE-2025-59040 [MEDIUM] CWE-280: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.11.99.1757427600 and Tuleap Enterprise Edition 16.1
nvd
CVE-2023-39521 | P4 | MEDIUM | CVSS 4.8 | fixed in 14.10-7 | fixed in 14.11.99.82 | +4 more | 2023-08-24
CVE-2023-39521 [MEDIUM] CWE-79: Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administra
nvd
CVE-2024-46980 | P4 | MEDIUM | CVSS 4.8 | fixed in 15.12-6 | fixed in 15.13.99.37 | +2 more | 2024-10-14
CVE-2024-46980 [MEDIUM] CWE-79: Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve conte
nvd
CVE-2025-27401 | P4 | MEDIUM | CVSS 4.6 | fixed in 16.3-11 | fixed in 16.4.99.1740498975 | +1 more | 2025-03-04
CVE-2025-27401 [MEDIUM] CWE-440: Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the filters of all reports of the instance and delete them. T
nvd
CVE-2025-27402 | P4 | MEDIUM | CVSS 4.6 | fixed in 16.3-11 | fixed in 16.4.99.1740414959 | +1 more | 2025-03-04
CVE-2025-27402 [MEDIUM] CWE-352: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959
nvd
CVE-2026-24007 | P4 | MEDIUM | CVSS 4.6 | fixed in 17.0-9 | fixed in 17.0.99.1768924735 | +2 more | 2026-02-02
CVE-2026-24007 [MEDIUM] CWE-352: Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition
nvd
CVE-2025-64117 | P4 | MEDIUM | CVSS 4.6 | Tuleap Community Edition < 16.13.99.1761813675 | Tuleap Enterprise Edition < 16.13-5 | +1 more | 2025-11-12
CVE-2025-64117 [MEDIUM] CWE-352: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of SVN commit rules and immutable tags. An attacker could
nvd
CVE-2025-64482 | P4 | MEDIUM | CVSS 4.6 | Tuleap Community Edition < 16.13.99.1762267347 | Tuleap Enterprise Edition < 17.0-1 | +2 more | 2025-11-12
CVE-2025-64482 [MEDIUM] CWE-352: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.0-1, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file release system. An attacker could use this vulnerabil
nvd
CVE-2024-39902 | P4 | MEDIUM | CVSS 4.3 | fixed in 15.9-8 | fixed in 15.10.99.128 | +1 more | 2024-07-22
CVE-2024-39902 [MEDIUM] CWE-281: Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document manager permissions modal is not taken into account and always consider
nvd
CVE-2022-24896 | P4 | MEDIUM | CVSS 4.3 | fixed in 13.6-5 | fixed in 13.7.99.239 | +1 more | 2022-06-09
CVE-2022-24896 [MEDIUM] CWE-862: Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as t
nvd
CVE-2023-38508 | P4 | MEDIUM | CVSS 4.3 | fixed in 14.10-6 | fixed in 14.11.99.28 | +4 more | 2023-08-24
CVE-2023-38508 [MEDIUM] CWE-285: Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occur
nvd
CVE-2024-47767 | P4 | MEDIUM | CVSS 4.3 | fixed in 15.12-8 | fixed in 15.13.99.113 | +2 more | 2024-10-14
CVE-2024-47767 [MEDIUM] CWE-280: Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tule
nvd
CVE-2025-53902 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.8-6 | fixed in 16.9.99.1752585665 | +4 more | 2025-07-29
CVE-2025-53902 [MEDIUM] CWE-863: Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed i
nvd
CVE-2025-30155 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.4-8 | fixed in 16.5.99.1742392651 | +1 more | 2025-03-31
CVE-2025-30155 [MEDIUM] CWE-863: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.
nvd
CVE-2025-64498 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.12-10 | fixed in 17.0.99.1762444754 | +6 more | 2025-12-08
CVE-2025-64498 [MEDIUM] CWE-352: Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition
nvd
CVE-2023-32072 | P4 | MEDIUM | CVSS 4.8 | fixed in 14.7-7 | fixed in 14.8.99.60 | +4 more | 2023-05-29
CVE-2023-32072 [MEDIUM] CWE-79: Tuleap is an open source tool for end to end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise Edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can set up a malicious Jenkins hook to make a
nvd
CVE-2025-27099 | P4 | MEDIUM | CVSS 4.8 | fixed in 16.3-10 | fixed in 16.4.99.1740067916 | +1 more | 2025-03-03
CVE-2025-27099 [MEDIUM] CWE-79: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to
nvd
CVE-2025-30203 | P4 | MEDIUM | CVSS 4.8 | fixed in 16.4-8 | fixed in 16.5.99.1742562878 | +1 more | 2025-03-31
CVE-2025-30203 [MEDIUM] CWE-79: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force victims to execute uncontrolled code. This vulnerability
nvd
CVE-2022-31032 | P4 | MEDIUM | CVSS 4.3 | fixed in 13.9.99.111 | ≥ 13.8.0, < 13.8.6 | +2 more | 2022-06-29
CVE-2022-31032 [MEDIUM] CWE-200: Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not prope
nvd