CVE-2017-7411

Name of the Vulnerable Software and Affected Versions Enalean Tuleap versions 9.6 and prior

Description The issue exists due to the User::getRecentElements() method using the unserialize() function with a preference value that can be manipulated by malicious users through the REST API interface. This allows an attacker to inject arbitrary PHP objects into the application scope, enabling various attacks, including Remote Code Execution.

Recommendations For Enalean Tuleap versions 9.6 and prior, consider disabling the User::getRecentElements() method or restricting access to the REST API interface until a patch is available. Avoid using the unserialize() function with user-provided input to minimize the risk of exploitation.