First published: Wed Dec 15 2021
Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. In affected versions, Tuleap does not properly sanitize user settings when constructing the SQL query used to browse and search commits in CVS repositories. An authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries against the Tuleap database. Tuleap instances without an active CVS repository are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.
Credit: security-advisories@github.com
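The bug class the advisory describes, as an added illustration that is not Tuleap's code (Tuleap is written in PHP; this is Python with sqlite3, and the schema, sample data, setting names and payload are all constructed for the example): a saved per-user "filter by author" setting and a sort preference concatenated into the commit-listing query, beside a hardened version that binds values as parameters and takes identifiers only from an allow-list. It goes slightly beyond the advisory's wording by also covering an identifier-position setting (the sort column), which cannot be bound as a parameter and must be allow-listed instead.

```python
"""Illustration of the bug class behind CVE-2021-43806: user settings spliced
into the SQL that lists commits instead of being validated and bound.
Toy schema, data, setting names and payload are constructed for this example;
none of it is Tuleap's code or schema (Tuleap is PHP; this uses sqlite3)."""
import sqlite3

# Identifier-position settings cannot be bound as parameters, so they are
# checked against an allow-list instead (constructed list, not Tuleap's).
ALLOWED_SORT = {"id", "author"}
ALLOWED_DIRECTION = {"ASC", "DESC"}


def build_db() -> sqlite3.Connection:
    """In-memory database with a constructed, minimal schema and sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE cvs_commit (
            id INTEGER PRIMARY KEY, repository_id INTEGER,
            author TEXT, message TEXT);
        CREATE TABLE user_account (
            id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO cvs_commit VALUES (1, 7, 'alice', 'Initial import');
        INSERT INTO cvs_commit VALUES (2, 7, 'bob', 'Fix build');
        INSERT INTO cvs_commit VALUES (3, 8, 'carol', 'Private project work');
        INSERT INTO user_account VALUES (1, 'alice', 'alice@example.test');
        INSERT INTO user_account VALUES (2, 'bob', 'bob@example.test');
    """)
    return conn


def browse_commits_vulnerable(conn, repository_id, author_filter, sort_by, direction):
    """Vulnerable pattern: the saved author filter and sort preference are
    concatenated into the query text, so whatever the user stored becomes SQL."""
    sql = (
        "SELECT author, message FROM cvs_commit "
        f"WHERE repository_id = {int(repository_id)} "
        f"AND author = '{author_filter}' "
        f"ORDER BY {sort_by} {direction}"
    )
    return conn.execute(sql).fetchall()


def browse_commits_fixed(conn, repository_id, author_filter, sort_by, direction):
    """Hardened pattern: values are bound as parameters, and identifiers that
    cannot be bound are only ever taken from the allow-list, so the query text
    never contains a string the user controls."""
    if sort_by not in ALLOWED_SORT or direction not in ALLOWED_DIRECTION:
        raise ValueError("invalid sort setting")
    sql = (
        "SELECT author, message FROM cvs_commit "
        "WHERE repository_id = ? AND author = ? "
        f"ORDER BY {sort_by} {direction}"  # both pieces already allow-listed
    )
    return conn.execute(sql, (int(repository_id), str(author_filter))).fetchall()


# Constructed payload stored as the "filter by author" setting: it closes the
# string literal, appends a UNION that reads a table the commit browser should
# never expose, and comments out the rest of the original query.
MALICIOUS_AUTHOR = "' UNION SELECT name, email FROM user_account --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, honest filter:", browse_commits_vulnerable(db, 7, "alice", "id", "ASC"))
    print("vulnerable, payload:      ", browse_commits_vulnerable(db, 7, MALICIOUS_AUTHOR, "id", "ASC"))
    print("fixed, payload:           ", browse_commits_fixed(db, 7, MALICIOUS_AUTHOR, "id", "ASC"))
```

The point to check in your own code is not whether the setting is "escaped" but whether it is ever part of the query text: values go through bind parameters, and anything that has to sit in identifier position (column, direction, table) is compared against a fixed allow-list before use.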
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap (Community Edition) | <13.2.99.155 | Update to 13.2.99.155 or later |
Enalean Tuleap (Enterprise Edition) | >=13.1-1 <13.1-7 | Update to 13.1-7 or a later 13.1 release |
Enalean Tuleap (Enterprise Edition) | >=13.2-1 <13.2-6 | Update to 13.2-6 or a later 13.2 release |
CVE-2021-43806 is a vulnerability in Tuleap, an open-source tool for traceability of application and system developments.
The severity of CVE-2021-43806 is high with a CVSS score of 8.8.
CVE-2021-43806 affects Tuleap by not properly sanitizing user settings when constructing the SQL query used to browse and search commits in CVS repositories; an authenticated user with read access to a CVS repository can use this to execute arbitrary SQL queries against the Tuleap database. Instances with no active CVS repository are not affected.
Tuleap Community Edition releases before 13.2.99.155, Tuleap Enterprise Edition releases from 13.1-1 up to but not including 13.1-7, and Tuleap Enterprise Edition releases from 13.2-1 up to but not including 13.2-6 are affected by CVE-2021-43806.
To fix CVE-2021-43806, update to the patched release for the branch in use: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, or Tuleap Enterprise Edition 13.2-6 (or a later release of that branch).