
CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. In affected versions Tuleap does not properly sanitize user settings when constructing the SQL query to browse and search commits in the CVS repositories. An authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repository are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.

• https://github.com/Enalean/tuleap/commit/b82be896b00a787ed46a77bd4700e8fccfe2e5ba
• https://github.com/Enalean/tuleap/security/advisories/GHSA-x8fr-8gvw-cc4v
• https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b82be896b00a787ed46a77bd4700e8fccfe2e5ba
• https://tuleap.net/plugins/tracker/?aid=24202
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. In affected versions Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either needs to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable.

• https://github.com/Enalean/tuleap/commit/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c
• https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm
• https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c
• https://tuleap.net/plugins/tracker/?aid=24149
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. This is a follow-up to GHSA-887w-pv2r-x8pm/CVE-2021-41276; the initial fix was incomplete. Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either needs to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify accounts.

• https://github.com/Enalean/tuleap/commit/64e77561eba9f8233199c2962b3497ed7294a7d2
• https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm
• https://github.com/Enalean/tuleap/security/advisories/GHSA-cwv9-hhm4-jr84
• https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=64e77561eba9f8233199c2962b3497ed7294a7d2
• https://tuleap.net/plugins/tracker/?aid=24168
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, and Tuleap Enterprise Edition 11.16-7.

• https://github.com/Enalean/tuleap/commit/ab12b686ced4cf233d3b15b08da008e0553eb6a6
• https://github.com/Enalean/tuleap/security/advisories/GHSA-6462-gfv9-jf83
• https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ab12b686ced4cf233d3b15b08da008e0553eb6a6
• https://tuleap.net/plugins/tracker/?aid=16213
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly sanitize user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, and Tuleap Enterprise Edition 11.16-7.

• https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14
• https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
• https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14
• https://tuleap.net/plugins/tracker/?aid=16214
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')