PT-2023-26993 · Unknown · Tuleap Enterprise Edition+1

Tgerbet

Publicado

2023-08-24

Atualizado

2023-08-30

CVE-2023-39521

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 14.11.99.28 Tuleap Enterprise Edition versions prior to 14.10-6 Tuleap Enterprise Edition versions prior to 14.11-3

Description The issue arises from content not being properly escaped in the "card fields" of Tuleap, which can be seen in the kanban and PV2 apps. This can lead to an agile dashboard administrator being forced to execute uncontrolled code when deleting a kanban with a malicious label.

Recommendations For Tuleap Community Edition versions prior to 14.11.99.28, update to version 14.11.99.28 or later. For Tuleap Enterprise Edition versions prior to 14.10-6, update to version 14.10-6 or later. For Tuleap Enterprise Edition versions prior to 14.11-3, update to version 14.11-3 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-39521

GHSA-H9XC-W7QQ-VPFC

Produtos afetados

Tuleap Community Edition

Tuleap Enterprise Edition

PT-2023-26993 · Unknown · Tuleap Enterprise Edition+1

CVE-2023-39521

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8