CVE-2018-7634

Name of the Vulnerable Software and Affected Versions Enalean Tuleap version 9.17

Description The issue is related to a lack of CSRF attack mitigation, which allows attackers to abuse the email address change functionality. This can lead to account takeover by making a victim change their registered email address on the application through a CSRF attack.

Recommendations For Enalean Tuleap version 9.17, consider implementing CSRF attack mitigation measures to prevent abuse of the email address change functionality, such as validating request tokens to ensure requests are genuine and not forged.