45 matches found

RedhatCVE
added 2026/01/09 9:21 a.m. · 4 views

CVE-2021-41276

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldapid attribute of a user during the daily synchronization. A malicious user could force accounts to ...

7.2 CVSS · 6.2 AI score · 0.0055 EPSS
Exploits 0 · References 1

Cvelist
added 2025/12/08 10:44 p.m. · 18 views

CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Edition versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

4.6 CVSS · 0.00019 EPSS
Exploits 0 · References 4

CVE
added 2025/12/08 10:28 p.m. · 6 views

CVE-2025-64497

CVE-2025-64497 describes an access-control vulnerability in Tuleap where users without access to certain projects could retrieve file release system information. Affected products are Tuleap Community Edition versions below 17.0.99.1762431347 and Tuleap Enterprise Edition versions below 17.0-2, 1...

6.5 CVSS · 6.2 AI score · 0.00044 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2025/12/08 12:0 a.m. · 3 views

Enalean Tuleap cross-site request forgery vulnerability

Enalean Tuleap is a free and open source tool from the French company Enalean. It is used for end-to-end traceability of application and system development. A cross-site request forgery vulnerability exists in Enalean Tuleap that stems from a lack of CSRF protection and could lead to the creation...

4.6 CVSS · 6.6 AI score · 0.00017 EPSS
Exploits 0 · References 5

OSV
added 2025/11/12 7:12 p.m. · 2 views

CVE-2025-64117 Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of...

4.6 CVSS · 6.7 AI score · 0.0002 EPSS
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-22480

Malicious code in bioql PyPI...

6.5 CVSS · 5.7 AI score · 0.00191 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-28177

Malicious code in bioql PyPI...

7.6 CVSS · 6.6 AI score · 0.00088 EPSS
Exploits 0 · References 4

Cvelist
added 2025/07/29 7:27 p.m. · 8 views

CVE-2025-53541 Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

5.4 CVSS · 0.00174 EPSS
Exploits 0 · References 4

Cvelist
added 2025/07/29 7:16 p.m. · 8 views

CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...

5.3 CVSS · 0.00352 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/06/27 2:25 p.m. · 4 views

CVE-2025-48991

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

4.6 CVSS · 7.2 AI score · 0.00084 EPSS
Exploits 0 · References 1

NVD
added 2025/06/25 4:15 p.m. · 3 views

CVE-2025-50179

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

4.6 CVSS · 0.00084 EPSS
Exploits 0 · References 4

CVE
added 2025/06/25 3:48 p.m. · 22 views

CVE-2025-50179

Summary: CVE-2025-50179 affects Tuleap. The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to trick victims into changing canned responses. Affected products are Tuleap Community Edition prior to 16.8.99.1749830289 and Tuleap Enterprise Edition prior to 16.9-1. ...

4.6 CVSS · 7.1 AI score · 0.00084 EPSS
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2025/06/25 3:48 p.m. · 6 views

CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

4.6 CVSS · 7.1 AI score · 0.00084 EPSS
Exploits 0 · References 4

NVD
added 2025/06/25 2:15 p.m. · 3 views

CVE-2025-48991

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

4.6 CVSS · 0.00084 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/06/25 12:0 a.m. · 3 views

PT-2025-26830 · Unknown · Tuleap Enterprise Edition +1

Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.8.99.1748845907; Tuleap Enterprise Edition versions prior to 16.8-3; Tuleap Enterprise Edition versions prior to 16.7-5. Description: An attacker could use a vulnerability present in Tuleap to trick...

4.6 CVSS · 6.3 AI score · 0.00084 EPSS
Exploits 0 · References 9

RedhatCVE
added 2025/05/23 10:44 a.m. · 8 views

CVE-2024-46980

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them ...

4.8 CVSS · 7.2 AI score · 0.00134 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 10:42 a.m. · 4 views

CVE-2024-52599

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a...

5.4 CVSS · 7 AI score · 0.00162 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 10:7 p.m. · 2 views

CVE-2022-39233

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users ca...

5.4 CVSS · 6.5 AI score · 0.00225 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/04/02 4:53 p.m. · 14 views

CVE-2025-30209

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

5.3 CVSS · 6.8 AI score · 0.00403 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/04/02 4:52 p.m. · 12 views

CVE-2025-29929

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...

4.6 CVSS · 7.1 AI score · 0.00258 EPSS
Exploits 0 · References 1