cvebase

Enalean Tuleap vulnerabilities

71 known vulnerabilities affecting enalean/tuleap.

Total CVEs: 71
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 55

Vulnerabilities

Page 4 of 4
CVE-2022-23473 | P4 | MEDIUM | CVSS 4.3 | fixed in 14.1-6 | fixed in 14.2.99.148 | +1 more | 2022-12-13
CWE-863: Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue
nvd
CVE-2025-65962 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.13-9 | fixed in 17.0.99.1763803709 | +4 more | 2025-12-09
CWE-352: Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are missing CSRF protections in its tracker field dependencies, allowing attackers to modify tracker fields. This issue is
nvd
CVE-2025-64760 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.13-8 | fixed in 17.0.99.1763126988 | +4 more | 2025-12-08
CWE-352: Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community E
nvd
CVE-2023-23938 | P4 | MEDIUM | CVSS 4.8 | fixed in 14.4-7 | ≥ 13.8.99.49, < 14.5.99.4 | +2 more | 2023-04-20
CWE-79: Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tr
nvd
CVE-2022-46160 | P4 | MEDIUM | CVSS 4.3 | fixed in 14.1-5 | fixed in 14.2.99.104 | +1 more | 2022-12-13
CWE-863: Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. num
nvd
CVE-2025-22129 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.2-5 | fixed in 16.3.99.1736242932 | +1 more | 2025-02-03
CWE-280: Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised t
nvd
CVE-2025-29766 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.4-8 | fixed in 16.5.99.1741784483 | +1 more | 2025-03-31
CWE-352: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. The vulnerability is fixed in Tuleap Communi
nvd
CVE-2025-29929 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.4-8 | fixed in 16.5.99.1742306712 | +1 more | 2025-03-31
CWE-352: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1
nvd
CVE-2025-48991 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.7-5 | fixed in 16.8.99.1748845907 | +2 more | 2025-06-25
CWE-352: Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into changing the canned responses. Tuleap Community Edition 1
nvd
CVE-2024-37167 | P4 | MEDIUM | CVSS 4.3 | fixed in 15.8-5 | fixed in 15.9.99.97 | +1 more | 2024-06-25
CWE-285: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.
nvd
CVE-2025-50179 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.8.99.1749830289 | fixed in 16.9-1 | 2025-06-25
CWE-352: Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims into changing the canned responses. Tuleap Community Ed
nvd