References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the filters of all reports of the instance and delete them. The malicious user only needs to have access to one tracker. This would result in the loss of all criteria filters forcing users and tracker admins t

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-440

https://github.com/Enalean/tuleap/commit/0070fef5c3b27fd402d3232041c6e03f79a84ffd

https://github.com/Enalean/tuleap/security/advisories/GHSA-3rjf-87rf-h8m9

https://tuleap.net/plugins/tracker/?aid=41850