Uncontrolled Code Execution Vulnerability in Tuleap Community and Enterprise Editions

Uncontrolled Code Execution Vulnerability in Tuleap Community and Enterprise Editions

CVE-2023-39521 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.

Learn more about our Open Source Audit.