CVE-2023-30619
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
04/05/2023
Last modified:
29/01/2025
Description
Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.<br />
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:* | 14.7.99.76 (including) | 14.7.99.143 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/Enalean/tuleap/commit/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df
- https://github.com/Enalean/tuleap/security/advisories/GHSA-7fm3-cr3g-5922
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=fdc93a736cbccad05de16ff0cc7cc3ef18dc93df
- https://tuleap.net/plugins/tracker/?aid=31586
- https://github.com/Enalean/tuleap/commit/fdc93a736cbccad05de16ff0cc7cc3ef18dc93df
- https://github.com/Enalean/tuleap/security/advisories/GHSA-7fm3-cr3g-5922
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=fdc93a736cbccad05de16ff0cc7cc3ef18dc93df
- https://tuleap.net/plugins/tracker/?aid=31586