Enalean

Tuleap

71 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.86%
  • Published 15.10.2021 14:15:08
  • Last modified 21.11.2024 06:25:35

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the abilit...

  • EPSS 0.44%
  • Published 14.10.2021 16:15:09
  • Last modified 21.11.2024 06:25:34

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. ...

  • EPSS 0.38%
  • Published 21.09.2018 07:29:00
  • Last modified 21.11.2024 03:54:11

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.

Exploit
  • EPSS 11.99%
  • Published 12.03.2018 21:29:01
  • Last modified 21.11.2024 04:12:19

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.

Exploit
  • EPSS 0.19%
  • Published 01.03.2018 23:29:00
  • Last modified 21.11.2024 04:12:26

An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered ...

Exploit
  • EPSS 73.89%
  • Published 30.10.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users...

Exploit
  • EPSS 12%
  • Published 29.04.2017 16:59:00
  • Last modified 20.04.2025 01:37:25

Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, an...

Exploit
  • EPSS 52.4%
  • Published 02.12.2014 01:59:05
  • Last modified 12.04.2025 10:46:40

project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.

Exploit
  • EPSS 10.01%
  • Published 28.11.2014 15:59:00
  • Last modified 12.04.2025 10:46:40

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

Exploit
  • EPSS 13.78%
  • Published 04.11.2014 15:55:06
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.