PT-2021-23134 · Svn Core+1 · Svn Core+2

Tgerbet

Published

2021-10-18

Updated

2021-10-22

CVE-2021-41154

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 11.17.99.144 Tuleap Enterprise Edition versions prior to 11.17-5 Tuleap Enterprise Edition versions prior to 11.16-7

Description The issue allows an attacker with read access to a "SVN core" repository to execute arbitrary SQL queries, potentially leading to unauthorized data access or modification.

Recommendations For Tuleap Community Edition versions prior to 11.17.99.144, update to version 11.17.99.144 or later. For Tuleap Enterprise Edition versions prior to 11.17-5, update to version 11.17-5 or later. For Tuleap Enterprise Edition versions prior to 11.16-7, update to version 11.16-7 or later.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-41154

GHSA-6462-GFV9-JF83

Affected Products

Svn Core

Tuleap Community Edition

Tuleap Enterprise Edition

PT-2021-23134 · Svn Core+1 · Svn Core+2

CVE-2021-41154

Weakness Enumeration

Related Identifiers

Affected Products

References · 7