CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43806

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2021-43806

Enalean » Tuleap » Version: Any

cpe:2.3:a:enalean:tuleap:*
Enalean » Tuleap » Version: 11.16.99.173

cpe:2.3:a:enalean:tuleap:11.16.99.173
Enalean » Tuleap » Version: 11.17.99.144

cpe:2.3:a:enalean:tuleap:11.17.99.144
Enalean » Tuleap » Version: 11.17.99.146

cpe:2.3:a:enalean:tuleap:11.17.99.146
Enalean » Tuleap » Version: 12.9.99.228

cpe:2.3:a:enalean:tuleap:12.9.99.228

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43806

Products

Pricing

Contact Us