6 matches found
CVE-2025-27150
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to ...
CVE-2025-27156
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail c...
CVE-2025-27099
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vu...
CVE-2025-27094
Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute fo...
CVE-2025-27401
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the filt...
CVE-2025-27402
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is ...