Tuleap Cross-Site Request Forgery Vulnerability in Tracker Report Management

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Tuleap Community Edition versions prior to 16.8.99.1749830289 and Tuleap Enterprise Edition versions prior to 16.9-1. This vulnerability allows an attacker to trick users into unintentionally modifying tracker reports, for example by updating canned responses.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in tracker reports, including the creation, modification, or deletion of report data.

Reproduction

The vulnerability can be reproduced by sending a request to update a tracker report without including the necessary CSRF protection. This can be done by omitting the 'data-challenge' parameter that is typically required to validate the request.
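As an added illustration (constructed here, not Tuleap's code), the check below shows why omitting the challenge parameter matters: a validator that only compares the token when the client sends one fails open, while the hardened version rejects any request whose challenge is missing or wrong. The session and parameter names are assumptions.

```python
import hmac
import secrets

# Constructed example, not Tuleap's code. The session holds the challenge that
# was issued with the form; a state-changing request must send it back.

def issue_challenge(session: dict) -> str:
    """Store a fresh random challenge in the session and return it for the form."""
    token = secrets.token_hex(32)
    session["csrf_challenge"] = token
    return token

def is_valid_request_fail_open(session: dict, params: dict) -> bool:
    """Weak pattern (assumed root cause, for illustration only): the challenge is
    compared only when the client sent one, so a request that simply omits the
    parameter skips the check entirely."""
    sent = params.get("challenge")
    if sent is None:
        return True  # fail open: a missing token is treated as acceptable
    expected = session.get("csrf_challenge", "")
    return hmac.compare_digest(sent.encode(), expected.encode())

def is_valid_request(session: dict, params: dict) -> bool:
    """Hardened: a missing or mismatched challenge rejects the request."""
    expected = session.get("csrf_challenge")
    sent = params.get("challenge")
    if not expected or not sent:
        return False  # fail closed
    # constant-time comparison so a mismatch leaks nothing about the token
    return hmac.compare_digest(sent.encode(), expected.encode())

def update_tracker_report(session: dict, params: dict, reports: dict) -> bool:
    """Apply the report update only after the challenge passes; True if applied."""
    if not is_valid_request(session, params):
        return False
    reports[params["report_id"]] = params["name"]
    return True
```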

Remediation

Users can upgrade to Tuleap Community Edition 16.8.99.1749830289 or Tuleap Enterprise Edition 16.9-1, both of which include the necessary patch to address this vulnerability.

Added: Jun 25, 2025, 4:20 PM
Updated: Jun 25, 2025, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.