PT-2023-22815 · Unknown · Tuleap Open Alm

Tgerbet +1 · Published 2023-05-04 · Updated 2023-05-10 · CVE-2023-30619

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Tuleap Open ALM versions prior to 14.7.99.143

Description

The title of an artifact is not properly escaped in the tooltip, allowing a malicious user with the capability to create an artifact or edit a field title to force a victim to execute uncontrolled code. A malicious user could exploit this issue by creating or editing an artifact with a specially crafted title.

Recommendations

For versions prior to 14.7.99.143, update to version 14.7.99.143 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create or edit artifacts and field titles to trusted users until the update is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-30619
GHSA-7FM3-CR3G-5922

Affected Products

Tuleap Open Alm