CVSS score: 8.8
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-43806: SQL injection in Tuleap

First published: Wed Dec 15 2021

Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. In affected versions Tuleap does not properly sanitize user settings when constructing the SQL query used to browse and search commits in CVS repositories. An authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repository are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.
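To make the pattern behind the advisory concrete, the following is an added illustrative example; it is not Tuleap's code and not the actual vulnerable query. The schema, the function names, the sample rows and the two payloads are constructed for this page, and Python's sqlite3 module stands in for Tuleap's PHP/MySQL stack. It shows the CWE-89 shape the advisory describes, user-controlled settings spliced into a query that browses and searches commits, in two forms a practitioner should recognise: a value (the search string) that breaks out of its quoted literal, and an identifier (the sort column) that cannot be bind-parameterized and therefore needs an allow-list. The hardened function beside it handles both.

```python
import sqlite3

# Constructed sample data; this is not Tuleap's schema, just enough rows to show
# that a crafted "user setting" reaches data the caller should not see.
SAMPLE_COMMITS = [
    (1, "alice", "Fix build"),
    (1, "bob", "Add tests"),
    (2, "carol", "Rotate deploy keys"),
]

# Constructed payloads for the demonstration below.
ESCAPE_SEARCH = "x%' OR 1=1 --"   # closes the LIKE literal, defeats the repo filter, comments out the rest
ORACLE_SORT = (                   # ORDER BY expression that leaks a yes/no answer through row order
    "CASE WHEN (SELECT count(*) FROM cvs_commits WHERE repository_id = 2) > 0 "
    "THEN author ELSE message END"
)


def make_db():
    """In-memory database with a constructed commit table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cvs_commits (repository_id INTEGER, author TEXT, message TEXT)")
    conn.executemany("INSERT INTO cvs_commits VALUES (?, ?, ?)", SAMPLE_COMMITS)
    return conn


def search_commits_vulnerable(conn, repo_id, search, sort_column):
    """CWE-89 pattern: every user setting is pasted into the SQL text."""
    sql = (
        f"SELECT author, message FROM cvs_commits "
        f"WHERE repository_id = {repo_id} AND message LIKE '%{search}%' "
        f"ORDER BY {sort_column}"
    )
    return conn.execute(sql).fetchall()


ALLOWED_SORT = ("author", "message")


def search_commits_safe(conn, repo_id, search, sort_column):
    """Values go through bind parameters; the identifier goes through an allow-list."""
    if sort_column not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = (
        "SELECT author, message FROM cvs_commits "
        "WHERE repository_id = ? AND message LIKE ? "
        f"ORDER BY {sort_column}"
    )
    return conn.execute(sql, (int(repo_id), f"%{search}%")).fetchall()


def demo():
    """Runs both functions against the same data and returns the observable outcomes."""
    conn = make_db()
    result = {}
    # Legitimate call: a user with access to repository 1 sees only repository 1.
    result["vuln_normal"] = search_commits_vulnerable(conn, 1, "", "author")
    # Search payload: the query becomes
    #   ... AND message LIKE '%x%' OR 1=1 --%' ORDER BY author
    # AND binds tighter than OR, so every row in every repository comes back.
    result["vuln_escape"] = search_commits_vulnerable(conn, 1, ESCAPE_SEARCH, "author")
    # Sort payload: repository 1 rows are ordered by author if the subquery is true and by
    # message if not, so the first author answers a question about a repository the user
    # is not allowed to browse (a blind, inference-style injection through ORDER BY).
    result["vuln_oracle_first_author"] = search_commits_vulnerable(conn, 1, "", ORACLE_SORT)[0][0]
    # Hardened version: the payload is just a search string and matches nothing...
    result["safe_escape"] = search_commits_safe(conn, 1, ESCAPE_SEARCH, "author")
    # ...and the oracle expression is rejected before it reaches the database.
    try:
        search_commits_safe(conn, 1, "", ORACLE_SORT)
        result["safe_rejects_sort"] = False
    except ValueError:
        result["safe_rejects_sort"] = True
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ORDER BY case is the one most often missed in reviews: a column name cannot be passed as a bind parameter, so "use prepared statements" alone does not close the hole, and the allow-list check in search_commits_safe is what prevents the inference attack.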

Credit: security-advisories@github.com

Affected Software                       Affected Version         How to fix
Enalean Tuleap (Community Edition)      < 13.2.99.155            Update to 13.2.99.155
Enalean Tuleap (Enterprise Edition)     >= 13.1-1, < 13.1-7      Update to 13.1-7
Enalean Tuleap (Enterprise Edition)     >= 13.2-1, < 13.2-6      Update to 13.2-6


Frequently Asked Questions

  • What is CVE-2021-43806?

    CVE-2021-43806 is a vulnerability in Tuleap, an open-source tool for traceability of application and system developments.

  • What is the severity of CVE-2021-43806?

    The severity of CVE-2021-43806 is high with a CVSS score of 8.8.

  • How does CVE-2021-43806 affect Tuleap?

    CVE-2021-43806 affects Tuleap because user settings are not properly sanitized when they are used to build the SQL query that browses and searches commits in CVS repositories. An authenticated user with read access to a CVS repository can use this to execute arbitrary SQL queries; instances with no active CVS repository are not impacted.

  • Who is affected by CVE-2021-43806?

    Users of Tuleap Community Edition before 13.2.99.155, Tuleap Enterprise Edition 13.1-1 up to but not including 13.1-7, and Tuleap Enterprise Edition 13.2-1 up to but not including 13.2-6 are affected by CVE-2021-43806.

  • How can CVE-2021-43806 be fixed?

    To fix CVE-2021-43806, update Tuleap to a version that includes the patch: Community Edition 13.2.99.155, Enterprise Edition 13.1-7, or Enterprise Edition 13.2-6 (or later).
