Lucene search

GoogleOSV:CVE-2023-30619

HistoryMay 04, 2023 - 2:15 p.m.

CVE-2023-30619

2023-05-0414:15:11

Google

osv.dev

tuleap

open source

traceability

application development

system development

artifact

malicious user

uncontrolled code

patch

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%

JSON

Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.

CPENameOperatorVersion
tuleapeq11.14
tuleapeq8.1
tuleapeq8.14
tuleapeq8.9
tuleapeq9.12
tuleapeq8.6
tuleapeq5.0.2
tuleapeq13.3
tuleapeq12.8
tuleapeq7.4

Name	Operator	Version
tuleap	eq	11.14
tuleap	eq	8.1
tuleap	eq	8.14
tuleap	eq	8.9
tuleap	eq	9.12
tuleap	eq	8.6
tuleap	eq	5.0.2
tuleap	eq	13.3
tuleap	eq	12.8
tuleap	eq	7.4

Rows per page:

1-10 of 1631

References

github.com/Enalean/tuleap/commit/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df

github.com/Enalean/tuleap/security/advisories/GHSA-7fm3-cr3g-5922

tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=fdc93a736cbccad05de16ff0cc7cc3ef18dc93df

tuleap.net/plugins/tracker/?aid=31586