Tuleap Missing CSRF Protection Vulnerability in Planning Management

Vulnerability

A vulnerability exists in Tuleap Community Edition versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7, and 16.12-10. The issue arises from missing Cross-Site Request Forgery (CSRF) protections in the planning management API: a state-changing request is accepted on the strength of the victim's session alone, so an attacker who gets an authenticated user to submit a forged request can create, edit, or delete plans on that user's behalf.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in planning management, such as creating, editing, or deleting plans.

Reproduction

To reproduce this vulnerability, a user must be logged into Tuleap and have access to the Agile Dashboard planning management features. Without the proper CSRF protections, an attacker could craft a request that exploits this vulnerability, typically relying on social engineering to get the logged-in user to submit it; the user's browser attaches the session cookie automatically, so the server cannot distinguish the forged request from a legitimate one.
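The missing control described above is the synchronizer-token (plus origin) check that a state-changing planning endpoint needs. The following Python sketch is an added illustration, not Tuleap's code: the endpoint shape, the handler names, the deployment origin `https://tuleap.example`, and the in-memory session and plan stores are all assumptions. It places the cookie-only handler (the vulnerable pattern) beside a hardened one and shows why a request the victim's browser sends on behalf of a third-party page passes the first and is rejected by the second.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://tuleap.example"  # assumed deployment origin


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


sessions: dict = {}  # session id -> {"user": ..., "csrf_token": ...}
plans: dict = {}     # plan name -> owner


def login(user: str) -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the application embeds in its own forms for this session."""
    return sessions[sid]["csrf_token"]


def _same_site(request: Request) -> bool:
    """Origin/Referer check: browsers set these headers; a page cannot forge them."""
    origin = request.headers.get("Origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    referer = request.headers.get("Referer")
    if referer is not None:
        return referer.startswith(SITE_ORIGIN + "/")
    return False  # no provenance at all: refuse to change state


def _csrf_token_valid(request: Request, session: dict) -> bool:
    """Synchronizer token: only same-origin pages can read and submit it."""
    submitted = request.form.get("csrf_token", "")
    return hmac.compare_digest(submitted, session["csrf_token"])


def _apply(request: Request, session: dict):
    """The planning action itself (create/delete), shared by both handlers."""
    action, name = request.form.get("action"), request.form.get("plan")
    if action == "create":
        plans[name] = session["user"]
    elif action == "delete":
        plans.pop(name, None)
    else:
        return 400, "unknown action"
    return 200, f"{action} {name}"


def handle_plan_unprotected(request: Request):
    """Vulnerable pattern: authentication by session cookie alone."""
    if request.method != "POST":
        return 405, "method not allowed"
    session = sessions.get(request.cookies.get("session"))
    if session is None:
        return 401, "not authenticated"
    return _apply(request, session)


def handle_plan_protected(request: Request):
    """Hardened pattern: session, then origin check, then per-session token."""
    if request.method != "POST":
        return 405, "method not allowed"
    session = sessions.get(request.cookies.get("session"))
    if session is None:
        return 401, "not authenticated"
    if not _same_site(request):
        return 403, "cross-site request rejected"
    if not _csrf_token_valid(request, session):
        return 403, "missing or invalid CSRF token"
    return _apply(request, session)


def cross_site_request(sid: str, plan: str) -> Request:
    """Test fixture: what arrives when a third-party page triggers the request.
    The browser attaches the victim's session cookie; the page cannot read
    the token and the Origin header names the third-party site."""
    return Request("POST", cookies={"session": sid},
                   headers={"Origin": "https://third-party.example"},
                   form={"action": "delete", "plan": plan})
```

The two handlers differ only in the two checks between authentication and the action; the fix for this class of issue is exactly that difference, applied to every state-changing planning route. Origin checking alone is a useful backstop but the token is the primary control, since some clients omit both `Origin` and `Referer`.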

Remediation

Users can upgrade to Tuleap Community Edition 17.0.99.1762456922 or Tuleap Enterprise Edition 17.0-2, 16.13-7, or 16.12-10 to address this vulnerability.

Added: Dec 8, 2025, 11:19 PM
Updated: Dec 8, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread:         1.9
impact:         0.6
exploitability: 6.0
remediation:    7.7
relevance:      1.4
threat:         4.8
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.