CVE-2023-32072 Tuleap vulnerable toXSS via the triggered job URL of a Jenkins job

Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git...

PT-2023-23583 · Jenkins +2 · Jenkins +3

Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 14.8.99.60 Tuleap Enterprise Edition versions prior to 14.8-3 Tuleap Enterprise Edition versions prior to 14.7-7 Description: The issue concerns the improper escaping of logs of triggered Jenkins job...