Tuleap Mass Email Content Injection Vulnerability

Vulnerability

A content injection vulnerability has been identified in Tuleap's mass emailing features. It affects versions prior to Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. The mass emailing feature does not properly sanitize HTML content before sending emails. This lack of sanitization could allow a malicious user to inject harmful content, potentially facilitating phishing attempts or exploiting vulnerabilities in the recipients' email clients.

Impact

Exploitation of this vulnerability could lead to unauthorized content injection in emails, creating opportunities for phishing attacks or exploitation of vulnerabilities in the email clients of the recipients.

Remediation

Users can upgrade to Tuleap Community Edition 16.4.99.1740567344 or Tuleap Enterprise Edition 16.4-6 or 16.3-11 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.8
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.