CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31063 – Cross site scripting via the title of a document in Tuleap
https://notcve.org/view.php?id=CVE-2022-31063
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/Enalean/tuleap/commit/c947975a4f1ff7bbfd7d5cd24a2e16bf12bd96d4 https://github.com/Enalean/tuleap/security/advisories/GHSA-4fx8-4ff3-96jf https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=c947975a4f1ff7bbfd7d5cd24a2e16bf12bd96d4 https://tuleap.net/plugins/tracker/?aid=27173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31032 – Resources of private projects can be exposed in Tuleap
https://notcve.org/view.php?id=CVE-2022-31032
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. • https://docs.tuleap.org/administration-guide/users-management/security/site-access.html https://github.com/Enalean/tuleap/commit/7e221a9d1893c13407b35008762757a76d8e5654 https://github.com/Enalean/tuleap/commit/cc38bcc59ce0c733ca915d95daec5f3082fb17ca https://github.com/Enalean/tuleap/security/advisories/GHSA-hvx6-4228-whj3 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=7e221a9d1893c13407b35008762757a76d8e5654 https://tuleap.net/plugins/tracker/?aid=26816 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24896 – Tracker report renderer and chart widgets leak information in Tuleap
https://notcve.org/view.php?id=CVE-2022-24896
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports. Tuleap es una suite libre y de código abierto para administrar el desarrollo de software y la colaboración. En versiones anteriores a 13.7.99.239, Tuleap no verifica apropiadamente las autorizaciones cuando muestra el contenido del renderizador de informes de seguimiento y los widgets de gráficos. • https://github.com/Enalean/tuleap/commit/8e99e7c82d9fe569799019b9e1d614d38a184313 https://github.com/Enalean/tuleap/security/advisories/GHSA-x962-x43g-qw39 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=8e99e7c82d9fe569799019b9e1d614d38a184313 https://tuleap.net/plugins/tracker/?aid=26729 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43806 – SQL injection in Tuleap
https://notcve.org/view.php?id=CVE-2021-43806
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6. • https://github.com/Enalean/tuleap/commit/b82be896b00a787ed46a77bd4700e8fccfe2e5ba https://github.com/Enalean/tuleap/security/advisories/GHSA-x8fr-8gvw-cc4v https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b82be896b00a787ed46a77bd4700e8fccfe2e5ba https://tuleap.net/plugins/tracker/?aid=24202 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41276 – Indirect LDAP injection in Tuleap
https://notcve.org/view.php?id=CVE-2021-41276
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. • https://github.com/Enalean/tuleap/commit/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c https://tuleap.net/plugins/tracker/?aid=24149 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •