CVE-2021-43782
Severity CVSS v4.0: Pending analysis
Type: CWE-74 (Injection)
Publication date: 15/12/2021
Last modified: 09/08/2022
Description
Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. This is a follow-up to GHSA-887w-pv2r-x8pm/CVE-2021-41276: the initial fix was incomplete. Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing an update of the ldap_uid attribute. Note that the malicious user needs to either have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4.
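The defensive side of the issue described above, as an added example that is not Tuleap's own code (Tuleap is written in PHP; Python is used here for illustration, and the `uid` attribute name and function names are assumptions): an LDAP search filter assembled from a stored, user-influenced ldap_id must escape the RFC 4515 filter metacharacters, and a sanity check can reject any filter that is no longer a single literal equality match before it reaches the directory.

```python
import re

# RFC 4515 section 3: characters that must be escaped when they appear inside
# an assertion value, so that they cannot alter the structure of the filter.
_FILTER_SPECIALS = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def build_sync_filter_unsafe(attr: str, ldap_id: str) -> str:
    """The pattern the advisory describes: ldap_id is concatenated verbatim.

    A stored ldap_id containing filter metacharacters changes the query; for
    example a trailing '*' turns an exact match into a substring match that can
    select other accounts during the synchronization run.
    """
    return f"({attr}={ldap_id})"


def build_sync_filter(attr: str, ldap_id: str) -> str:
    """Hardened form: the value is escaped so it can only be matched literally."""
    return f"({attr}={escape_filter_value(ldap_id)})"


def is_single_equality_filter(flt: str, attr: str) -> bool:
    """Defensive check before the filter is sent to the directory: accept only
    one equality match on `attr` whose value consists of ordinary characters
    or RFC 4515 hex escapes (no unescaped '(', ')', '*' or '\\')."""
    pattern = r"\(" + re.escape(attr) + r"=(?:[^()*\\]|\\[0-9a-fA-F]{2})*\)"
    return re.fullmatch(pattern, flt) is not None
```

In PHP the equivalent escaping is `ldap_escape($value, '', LDAP_ESCAPE_FILTER)`, which applies the same RFC 4515 rules to a filter value.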
Impact
| Metric | Base Score | Severity |
|---|---|---|
| CVSS 3.x | 7.20 | HIGH |
| CVSS 2.0 | 6.00 | MEDIUM |
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:* | 13.2.99.83 (excluding) | |
| cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:* | 13.1-1 (including) | 13.1-6 (excluding) |
| cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:* | 13.2-1 (including) | 13.2-4 (excluding) |
References to Advisories, Solutions, and Tools
- https://github.com/Enalean/tuleap/commit/64e77561eba9f8233199c2962b3497ed7294a7d2
- https://github.com/Enalean/tuleap/security/advisories/GHSA-887w-pv2r-x8pm
- https://github.com/Enalean/tuleap/security/advisories/GHSA-cwv9-hhm4-jr84
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=64e77561eba9f8233199c2962b3497ed7294a7d2
- https://tuleap.net/plugins/tracker/?aid=24168