CVE-2021-43782
Indirect LDAP injection in Tuleap
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4.
Tuleap es una herramienta libre y de código abierto para la trazabilidad de extremo a extremo de los desarrollos de aplicaciones y sistemas. Esto es un seguimiento de GHSA-887w-pv2r-x8pm/CVE-2021-41276, la corrección inicial era incompleta. Tuleap no sanea adecuadamente el filtro de búsqueda construido a partir del atributo ldap_id de un usuario durante la sincronización diaria. Un usuario malicioso podría forzar la suspensión de cuentas o tomar el control de otra cuenta al forzar la actualización del atributo ldap_uid. Ten en cuenta que el usuario malicioso debe tener capacidad de administrador del sitio en la instancia de Tuleap o ser un operador LDAP con capacidad para crear/modificar cuentas. La instancia de Tuleap necesita tener el plugin LDAP activado y habilitado para que este problema sea explotable. Las siguientes versiones contienen la corrección: Tuleap Community Edition versión 13.2.99.83, Tuleap Enterprise Edition versión 13.1-6, y Tuleap Enterprise Edition versión 13.2-4
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-16 CVE Reserved
- 2021-12-15 CVE Published
- 2023-08-06 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm | Not Applicable | |
https://github.com/Enalean/tuleap/security/advisories/GHSA-cwv9-hhm4-jr84 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Enalean Search vendor "Enalean" | Tuleap Search vendor "Enalean" for product "Tuleap" | < 13.2.99.83 Search vendor "Enalean" for product "Tuleap" and version " < 13.2.99.83" | community |
Affected
| ||||||
Enalean Search vendor "Enalean" | Tuleap Search vendor "Enalean" for product "Tuleap" | >= 13.1-1 < 13.1-6 Search vendor "Enalean" for product "Tuleap" and version " >= 13.1-1 < 13.1-6" | enterprise |
Affected
| ||||||
Enalean Search vendor "Enalean" | Tuleap Search vendor "Enalean" for product "Tuleap" | >= 13.2-1 < 13.2-4 Search vendor "Enalean" for product "Tuleap" and version " >= 13.2-1 < 13.2-4" | enterprise |
Affected
|