Description

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release). This vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.

INFO

Published Date :

2026-02-02T19:52:51.336Z

Last Modified :

2026-02-03T14:56:49.087Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-24007 vulnerability.

Vendors Products
Enalean
  • Tuleap
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24007.

URL Resource
https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5 cve-icon cve-icon
https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-rwqj-ffxw cve-icon cve-icon
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5 cve-icon cve-icon
https://tuleap.net/plugins/tracker/?aid=46389 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact