Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.
References
Link | Resource |
---|---|
https://github.com/Enalean/tuleap/commit/dd94a799982cd78ab06142008d745edf9e8fd494 | Patch |
https://github.com/Enalean/tuleap/security/advisories/GHSA-9fc9-47h6-82jj | Third Party Advisory |
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dd94a799982cd78ab06142008d745edf9e8fd494 | Issue Tracking Patch |
https://tuleap.net/plugins/tracker/?aid=39689 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Oct 2024, 14:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Enalean
Enalean tuleap |
|
CPE | cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:* cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:* |
|
References | () https://github.com/Enalean/tuleap/commit/dd94a799982cd78ab06142008d745edf9e8fd494 - Patch | |
References | () https://github.com/Enalean/tuleap/security/advisories/GHSA-9fc9-47h6-82jj - Third Party Advisory | |
References | () https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dd94a799982cd78ab06142008d745edf9e8fd494 - Issue Tracking, Patch | |
References | () https://tuleap.net/plugins/tracker/?aid=39689 - Exploit, Third Party Advisory |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Oct 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-14 18:15
Updated : 2024-10-16 14:05
NVD link : CVE-2024-46980
Mitre link : CVE-2024-46980
CVE.ORG link : CVE-2024-46980
JSON object : View
Products Affected
enalean
- tuleap
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')