Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-43782

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 6.0
Products affected by CVE-2021-43782
  • Enalean » Tuleap » Version: Any
    cpe:2.3:a:enalean:tuleap:*
  • Enalean » Tuleap » Version: 11.16.99.173
    cpe:2.3:a:enalean:tuleap:11.16.99.173
  • Enalean » Tuleap » Version: 11.17.99.144
    cpe:2.3:a:enalean:tuleap:11.17.99.144
  • Enalean » Tuleap » Version: 11.17.99.146
    cpe:2.3:a:enalean:tuleap:11.17.99.146
  • Enalean » Tuleap » Version: 12.9.99.228
    cpe:2.3:a:enalean:tuleap:12.9.99.228


Products
Pricing
Contact Us

Shodan ® - All rights reserved