Vulnerability Details CVE-2021-41155
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://tuleap.net/plugins/tracker/?aid=16214
- https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14
- https://tuleap.net/plugins/tracker/?aid=16214
Products affected by CVE-2021-41155
-
cpe:2.3:a:enalean:tuleap:11.16-1
-
cpe:2.3:a:enalean:tuleap:11.16-6
-
cpe:2.3:a:enalean:tuleap:11.16.99.173
-
cpe:2.3:a:enalean:tuleap:11.17-1
-
cpe:2.3:a:enalean:tuleap:11.17.99.144