← Zuruck zu CVEs

CVE-2026-24007

MEDIUM

4.6

Beschreibung

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.

CVE Details

CVSS v3.1 Bewertung4.6

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionREQUIRED

Veroffentlicht2/2/2026

Zuletzt geandert2/23/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

enalean:tuleap

Schwachen (CWE)

CWE-352

Referenzen

https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5(security-advisories@github.com)

https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-rwqj-ffxw(security-advisories@github.com)

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5(security-advisories@github.com)

https://tuleap.net/plugins/tracker/?aid=46389(security-advisories@github.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.