CVE-2021-41155
HIGH 8.8
Description
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions, Tuleap does not properly sanitize user input when constructing the SQL query used to browse and search revisions in CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
CVE Details
CVSS v3.1 Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 10/18/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
enalean:tuleap
Weaknesses (CWE)
CWE-89
References
https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14 (security-advisories@github.com)
https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr (security-advisories@github.com)
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14 (security-advisories@github.com)
https://tuleap.net/plugins/tracker/?aid=16214 (security-advisories@github.com)
https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr (af854a3a-2127-422b-91ae-364da2661108)
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14 (af854a3a-2127-422b-91ae-364da2661108)
https://tuleap.net/plugins/tracker/?aid=16214 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.