CVE-2023-35929
Last modified
CVE-2023-35929 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 14.9-5 |
| Enalean | Tuleap | < 14.10.99.4 |
| Enalean | Tuleap | >= 14.10, < 14.10-2 |
References
- https://tuleap.net/plugins/tracker/?aid=32629Vendor Advisory
- https://tuleap.net/plugins/tracker/?aid=32629Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-35929?
How severe is CVE-2023-35929?
How do I fix CVE-2023-35929?
Are you affected by CVE-2023-35929?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST