Tuleap Missing Cross-Site Request Forgery Protection in SVN Commit Rules Management

Vulnerability

A vulnerability exists in Tuleap Community Edition prior to 16.13.99.1761813675 and Tuleap Enterprise Edition prior to 16.13-5 and 16.12-8, where cross-site request forgery (CSRF) protection is lacking in the management of Subversion (SVN) commit rules and immutable tags. This absence of CSRF protection could allow an attacker to manipulate the commit rules or immutable tags of an SVN repository by tricking users into performing these actions without proper authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in SVN commit rules or immutable tags, potentially disrupting version control processes and repository management.

Remediation

Users can upgrade to Tuleap Community Edition 16.13.99.1761813675, Tuleap Enterprise Edition 16.13-5, or Tuleap Enterprise Edition 16.12-8 to address this vulnerability.
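
The following Python check is an added example, not code from Tuleap or from this advisory. It flags installations that are still below the fixed releases named above, comparing version components as integers. The function names, the inventory rows and the handling of Enterprise branches other than 16.12 and 16.13 are assumptions.

```python
import re

# Fixed releases exactly as listed in the advisory.
CE_FIXED = (16, 13, 99, 1761813675)
EE_FIXED = {(16, 13): 5, (16, 12): 8}  # maintenance branch -> first fixed patch level

def parse_ce(version):
    """'16.13.99.1761813675' -> (16, 13, 99, 1761813675); short forms are zero-padded."""
    if not re.fullmatch(r"\d+(\.\d+){1,3}", version):
        raise ValueError(f"unrecognised Community Edition version: {version!r}")
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (4 - len(parts))

def parse_ee(version):
    """'16.13-5' -> ((16, 13), 5)."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Enterprise Edition version: {version!r}")
    major, minor, patch = map(int, m.groups())
    return (major, minor), patch

def is_affected(edition, version):
    """True if the version predates the fix for its edition (numeric comparison)."""
    version = version.strip()
    if edition == "community":
        return parse_ce(version) < CE_FIXED
    if edition == "enterprise":
        branch, patch = parse_ee(version)
        if branch in EE_FIXED:
            return patch < EE_FIXED[branch]
        # Assumption: branches older than 16.12 have no fixed release listed and
        # count as affected; branches newer than 16.13 are taken to include the fix.
        return branch < min(EE_FIXED)
    raise ValueError(f"unknown edition: {edition!r}")

def audit(inventory):
    """Return the hosts from (host, edition, version) rows that still need the upgrade."""
    return [host for host, edition, version in inventory if is_affected(edition, version)]

# Constructed sample inventory (hostnames are placeholders).
INVENTORY = [
    ("tuleap-a.example", "community", "16.13.99.1761813674"),
    ("tuleap-b.example", "community", "16.13.99.1761813675"),
    ("tuleap-c.example", "enterprise", "16.12-7"),
    ("tuleap-d.example", "enterprise", "16.13-5"),
]
```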

Added: Nov 12, 2025, 8:20 PM
Updated: Nov 12, 2025, 11:10 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 1.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.