Tuleap Missing CSRF Protection Vulnerability in Tracker Canned Responses Administration

Vulnerability

A vulnerability exists in Tuleap Community Edition prior to 16.8.99.1748845907 and Tuleap Enterprise Edition prior to 16.8-3 and 16.7-5, allowing for cross-site request forgery (CSRF) attacks. The issue arises from the absence of CSRF protection when creating, updating, or deleting canned responses within tracker administration. This vulnerability could be exploited to manipulate canned responses without proper authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in canned responses, potentially disrupting workflow or communication within the affected Tuleap instance.

Reproduction

To reproduce this vulnerability, navigate to the 'Canned Responses' administration section of a tracker in Tuleap. Because the create, update, and delete actions in that section carry no CSRF protection, an attacker could craft a request performing one of those actions and trick a logged-in user into submitting it, so that the canned responses are changed without the user's consent.
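The following is an added example, not Tuleap's own code: it models the tracker's canned responses admin handler in both shapes, one that honours any request arriving with a valid session (the pre-fix behaviour described above) and one that additionally requires a per-session synchronizer token, which is the standard remedy for this class of bug. All names (Session, handle_canned_response, the "challenge" form field) are assumptions for illustration.

```python
import hmac
import secrets


class Session:
    """Server-side session of a logged-in tracker admin (constructed stand-in)."""

    def __init__(self, user):
        self.user = user
        # One random token per session. The legitimate admin form embeds it as
        # a hidden field; a page on another origin cannot read it.
        self.csrf_token = secrets.token_hex(32)


def handle_canned_response(session, store, form, enforce_csrf=True):
    """Apply a create/update/delete from `form` to `store` (dict id -> body).

    Returns True when the change was applied, False when it was rejected.
    With enforce_csrf=False it behaves like the unprotected endpoint: any
    POST that reaches it with the session cookie is honoured.
    """
    if enforce_csrf:
        submitted = form.get("challenge", "")
        # Constant-time comparison so the check does not leak the token.
        if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
            return False
    action = form.get("action")
    if action == "create":
        store[form["id"]] = form["body"]
    elif action == "update":
        if form["id"] not in store:
            return False
        store[form["id"]] = form["body"]
    elif action == "delete":
        store.pop(form["id"], None)
    else:
        return False
    return True


def simulate():
    """Replay one cross-site delete against both variants of the handler."""
    admin = Session("tracker_admin")
    store = {"thanks": "Thanks for the report, we will look into it."}  # constructed
    # A form posted from another site carries the cookie but never the token.
    cross_site = {"action": "delete", "id": "thanks"}
    unprotected = handle_canned_response(admin, dict(store), cross_site, enforce_csrf=False)
    protected = handle_canned_response(admin, dict(store), cross_site)
    # The admin's own form includes the hidden token field and still works.
    own_form = dict(cross_site, challenge=admin.csrf_token)
    own_form_ok = handle_canned_response(admin, dict(store), own_form)
    return unprotected, protected, own_form_ok
```

simulate() returns (True, False, True): the unprotected handler applies the cross-site delete, the protected one rejects it, and the admin's own tokenised form is still accepted.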

Remediation

Users can upgrade to Tuleap Community Edition 16.8.99.1748845907, Tuleap Enterprise Edition 16.8-3, or Tuleap Enterprise Edition 16.7-5 to address this vulnerability.

Added: Jun 25, 2025, 2:20 PM
Updated: Jun 25, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm (eight category scores)

  spread          3.1
  impact          0.6
  exploitability  5.8
  remediation     7.7
  relevance       0.2
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.