9 matches found
CVE-2025-65962 Tuleap has missing CSRF protections in its tracker field dependencies
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are missing CSRF protections in its tracker field dependencies,...
CVE-2025-64117 Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of...
CVE-2025-54877
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access the content of the special...
CVE-2024-46980
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them ...
CVE-2025-29929 Tuleap is missing CSRF protection on tracker hierarchy administration
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...
PT-2025-13797 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.5.99.1742392651; Tuleap Enterprise Edition versions prior to 16.5-5 and 16.4-8. Description: The issue concerns the lack of enforcement of read permissions on parent trackers in the REST API. This affects the...
PT-2025-13789 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.5.99.1742562878; Tuleap Enterprise Edition versions prior to 16.5-5 and 16.4-8. Description: The issue allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someo...
PT-2025-13787 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.5.99.1742306712; Tuleap Enterprise Edition versions prior to 16.5-5 and 16.4-8. Description: The issue is related to the lack of CSRF protection on tracker hierarchy administration. An attacker could exploit this to...
CVE-2025-22129 Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, an...