CVE-2025-29929

CVSS v3.1

4.6

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Tuleap versions prior to 16.5.99.1742306712 Tuleap Enterprise Edition versions prior to 16.5-5 and 16.4-8

Description The issue is related to the lack of CSRF protection on tracker hierarchy administration. An attacker could exploit this to trick victims into submitting or editing artifacts or follow-up comments.

Recommendations For Tuleap Community Edition versions prior to 16.5.99.1742306712, update to version 16.5.99.1742306712 or later. For Tuleap Enterprise Edition versions prior to 16.5-5, update to version 16.5-5 or later. For Tuleap Enterprise Edition version 16.4, update to version 16.4-8 or later.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-29929

GHSA-HQQR-P5F6-26VV

Affected Products

Tuleap

CVE-2025-29929

Weakness Enumeration

Related Identifiers

Affected Products

References · 12