Lucene search

PRIOn knowledge basePRION:CVE-2023-30619

HistoryMay 04, 2023 - 2:15 p.m.

Code injection

2023-05-0414:15:00

PRIOn knowledge base

www.prio-n.com

tuleap open alm

code injection

tooltip vulnerability

patch

version 14.7.99.143

system development

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.1%

JSON

Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.

CPENameOperatorVersion
tuleapge14.7.99.76
tuleaplt14.7.99.143

CPE	Name	Operator	Version
	tuleap	ge	14.7.99.76
	tuleap	lt	14.7.99.143

References

github.com/Enalean/tuleap/commit/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df

github.com/Enalean/tuleap/security/advisories/GHSA-7fm3-cr3g-5922

tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=fdc93a736cbccad05de16ff0cc7cc3ef18dc93df

tuleap.net/plugins/tracker/?aid=31586