CVE-2025-27402

EPSS 0.05%
Veröffentlicht 04.03.2025 17:15:19
Zuletzt bearbeitet 22.08.2025 15:37:24
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 16.3-11

Enalean ≫ Tuleap SwEditioncommunity Version < 16.4.99.1740414959

Enalean ≫ Tuleap SwEditionenterprise Version >= 16.4 < 16.4-6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.161

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/Enalean/tuleap/commit/ea6319e2ad40beeda335af4ccd7a204a6912765c

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-66pg-cpjf-2mfg

Patch

Third Party Advisory

https://tuleap.net/plugins/tracker/?aid=41857

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-27402

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27402

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27402

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-27402