CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

Enalean Tuleap 跨站请求伪造漏洞

Enalean Tuleap is a free and open source tool from the French company Enalean. It is used for end-to-end traceability of application and system development. A cross-site request forgery vulnerability exists in Enalean Tuleap, which stems from the lack of CSRF protection in the Planning Management...

Update documentation regarding plan permissions to edit and delete plans

h3. Summary According to our documentation Disabling or deleting a plan|https://confluence.atlassian.com/bamboo/disabling-or-deleting-a-plan-289276855.html/, it is only possible to delete a plan by having "Admin" Global permissions. This is not accurate. Test done: Create a group called...