CVE-2024-46980

Опубликовано: 14 окт. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.

Ссылки

https://github.com/Enalean/tuleap/commit/dd94a799982cd78ab06142008d745edf9e8fd494
Patch
https://github.com/Enalean/tuleap/security/advisories/GHSA-9fc9-47h6-82jj
Third Party Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dd94a799982cd78ab06142008d745edf9e8fd494
Issue Tracking
Patch
https://tuleap.net/plugins/tracker/?aid=39689
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*

Версия до 15.12-6 (исключая)

cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*

Версия до 15.13.99.37 (исключая)

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*

Версия от 15.13-0 (включая) до 15.13-3 (исключая)

EPSS

Процентиль: 33%

0.00134

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 33%

0.00134

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79