Description
Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. In affected versions Tuleap does not properly sanitize user settings when constructing the SQL query used to browse and search commits in CVS repositories. An authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Patch, Vendor Advisory
- Issue Tracking, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 13.2.99.155 (excluding)
Version from 13.1-1 (including) to 13.1-7 (excluding)
Version from 13.2-1 (including) to 13.2-6 (excluding)
One of
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
EPSS
Percentile: 75%
Score: 0.00912
Low
CVSS3
8.8 High
CVSS2
6.5 Medium
Weaknesses
CWE-89