Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.

INFO

Published Date :

2024-10-14T17:41:58.663Z

Last Modified :

2024-10-15T15:41:02.095Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-46980 vulnerability.

Vendors Products
Enalean
  • Tuleap
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-46980.

URL Resource
https://github.com/Enalean/tuleap/commit/dd94a799982cd78ab06142008d745edf9e8fd494 cve-icon cve-icon
https://github.com/Enalean/tuleap/security/advisories/GHSA-9fc9-47h6-82jj cve-icon cve-icon
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dd94a799982cd78ab06142008d745edf9e8fd494 cve-icon cve-icon
https://tuleap.net/plugins/tracker/?aid=39689 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact