CVE-2018-7634
https://notcve.org/view.php?id=CVE-2018-7634
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible for attackers to abuse the functionality. By mounting a CSRF attack, an attacker could make a victim change the e-mail address registered on the application, leading to account takeover.

References:
https://github.com/Enalean/tuleap/commit/0843c046eee54b16ec6a7753c575838212770189
https://mustafairan.wordpress.com/2018/03/05/tuleap-mail-change-csrf-vulnerability-leads-to-account-takeover
https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=commit&h=d6701289ae55de900929ff0f66313fa9771a198d
https://tuleap.net/plugins/tracker/?aid=11217
https://twitter.com/Mustafaran/status/970745812887199744

Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-7411 – Tuleap 9.6 - Second-Order PHP Object Injection
https://notcve.org/view.php?id=CVE-2017-7411
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method uses the unserialize() function on a preference value that can be arbitrarily manipulated by malicious users through the REST API interface. This can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).

References:
https://www.exploit-db.com/exploits/43374
http://karmainsecurity.com/KIS-2017-02
http://packetstormsecurity.com/files/144716/Tuleap-9.6-Second-Order-PHP-Object-Injection.html
http://seclists.org/fulldisclosure/2017/Oct/53
http://www.openwall.com/lists/oss-security/2017/10/23/3
https://tuleap.net/plugins/tracker/?aid=10118

Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2017-7981 – Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
https://notcve.org/view.php?id=CVE-2017-7981
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command. Tuleap versions between 8.3 and 9.6.99.86 suffer from a remote command injection vulnerability.

References:
https://www.exploit-db.com/exploits/41953
https://github.com/xdrr/vulnerability-research/blob/master/webapp/tuleap/2017.04.tuleap-auth-ci.md
https://tuleap.net/file/shownotes.php?release_id=137#/linked-artifacts
https://tuleap.net/plugins/tracker/?aid=10159

Weakness: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-8791 – Tuleap - PHP Unserialize Code Execution
https://notcve.org/view.php?id=CVE-2014-8791
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.

References:
https://www.exploit-db.com/exploits/35545
http://karmainsecurity.com/KIS-2014-13
http://packetstormsecurity.com/files/129309/Tuleap-7.6-4-PHP-Object-Injection.html
http://seclists.org/fulldisclosure/2014/Nov/101
http://www.securityfocus.com/archive/1/534105/100/0/threaded
http://www.securityfocus.com/bid/71335
https://tuleap.net/plugins/tracker/?aid=7601

Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-7178 – Enalean Tuleap 7.4.99.5 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-7178
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is passed to the passthru PHP function. Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability.

References:
https://www.exploit-db.com/exploits/35100
http://seclists.org/fulldisclosure/2014/Oct/121
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178
https://www.tuleap.org/recent-vulnerabilities

Weakness: CWE-20: Improper Input Validation