QwikSec

Security Database

CVE

CWE

Training

CVE-2024-52599

Published: Dec 9, 2024

Modified: Dec 10, 2024

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.

Vendor	Product	Versions
Enalean	tuleap	affected `< 16.1.99.50` affected `< 16.1-4` affected `< 16.0-7`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7

x_refsource_CONFIRM

https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5

x_refsource_MISC

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5

x_refsource_MISC

https://tuleap.net/plugins/tracker/?aid=40459

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.