CVE-2026-24007

EPSS 0.01%
Veröffentlicht 02.02.2026 23:16:07
Zuletzt bearbeitet 23.02.2026 20:29:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 17.0-9

Enalean ≫ Tuleap SwEditioncommunity Version < 17.0.99.1768924735

Enalean ≫ Tuleap SwEditionenterprise Version >= 17.1 < 17.1-6

Enalean ≫ Tuleap SwEditionenterprise Version >= 17.2 < 17.2-5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-rwqj-ffxw

Patch

Vendor Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5

Broken Link

https://tuleap.net/plugins/tracker/?aid=46389

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-24007

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-24007

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-24007

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-24007