Lesuisse

**Name of the Vulnerable Software and Affected Versions** Tuleap Community Edition versions prior to 16.11.99.1757427600 Tuleap Enterprise Edition versions prior to 16.11-6 Tuleap Enterprise Edition version 16.10-8 **Description** Backlog item representations do not verify the permissions of child trackers, potentially allowing users to view tracker names they should not have access to. **Recommendations** Update Tuleap Community Edition to version 16.11.99.1757427600. Update Tuleap Enterprise Edition to version 16.11-6. Update Tuleap Enterprise Edition to version 16.10-8.

**Name of the Vulnerable Software and Affected Versions** Tuleap Community Edition versions prior to 16.9.99.1751892857 Tuleap Enterprise Edition versions prior to 16.8-5 and 16.9-3 **Description** Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. Malicious users with some control over certain artifacts could insert malicious code when displaying the children of a parent artifact, potentially forcing victims to execute uncontrolled code. **Recommendations** Update Tuleap Community Edition to version 16.9.99.1751892857 or later. Update Tuleap Enterprise Edition to version 16.8-5 or later. Update Tuleap Enterprise Edition to version 16.9-3 or later.

**Name of the Vulnerable Software and Affected Versions** Tuleap versions prior to 16.4.99.1740567344 Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11 **Description** The mass emailing feature in Tuleap does not properly sanitize the content of HTML emails. This could allow a malicious user to facilitate phishing attempts or indirectly exploit issues in the recipients' mail clients. **Recommendations** For Tuleap Community Edition versions prior to 16.4.99.1740567344, update to version 16.4.99.1740567344 or later. For Tuleap Enterprise Edition versions prior to 16.4-6, update to version 16.4-6 or later. For Tuleap Enterprise Edition version 16.3, update to version 16.3-11 or later.

**Name of the Vulnerable Software and Affected Versions** Tuleap Community Edition versions prior to 15.2.99.103 Tuleap Enterprise Edition versions prior to 15.2-4 and 15.1-8 **Description** Tuleap is an open source suite to improve management of software developments and collaboration. The name of the releases is not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. **Recommendations** For Tuleap Community Edition versions prior to 15.2.99.103, update to version 15.2.99.103 or later. For Tuleap Enterprise Edition versions prior to 15.2-4, update to version 15.2-4 or later. For Tuleap Enterprise Edition versions prior to 15.1-8, update to version 15.1-8 or later.