First published: Tue Jul 25 2023
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force a victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix.
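The escaping that the fix restores, shown as an added illustration that is not Tuleap's own code: a card renderer that interpolates field values raw beside one that escapes them at the point of insertion, plus a regression check over the rendered output. The card shape, field names and sample values are constructed for the example.

```javascript
// Added example (not Tuleap's code): escaping user-controlled card-field
// values before they are interpolated into card markup, with a regression
// check that flags any raw markup reaching the rendered HTML.

// Escape the five characters that change meaning in HTML text and
// double-quoted attribute contexts; '&' must be replaced first.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: field values dropped straight into the template.
function renderCardUnsafe(card) {
  const fields = card.fields
    .map((f) => `<li title="${f.label}">${f.value}</li>`)
    .join("");
  return `<div class="card" data-id="${card.id}"><ul>${fields}</ul></div>`;
}

// Hardened pattern: every user-controlled value is escaped where it
// enters the HTML, attribute values included.
function renderCardSafe(card) {
  const fields = card.fields
    .map((f) => `<li title="${escapeHtml(f.label)}">${escapeHtml(f.value)}</li>`)
    .join("");
  return `<div class="card" data-id="${escapeHtml(card.id)}"><ul>${fields}</ul></div>`;
}

// Regression check: true when no user-supplied value that contains markup
// characters appears verbatim in the rendered output.
function noRawMarkup(card, html) {
  const userValues = card.fields.flatMap((f) => [f.label, f.value]);
  return userValues
    .filter((v) => /[<>"'&]/.test(v))
    .every((v) => !html.includes(v));
}

// Constructed sample card whose field content carries markup characters.
const sampleCard = {
  id: "123",
  fields: [
    { label: "Summary", value: '<b>Fix "login" page</b> & more' },
    { label: 'Owner "QA"', value: "O'Brien" },
  ],
};
```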
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Enalean Tuleap | <14.9-5 | |
| Enalean Tuleap | <14.10.99.4 | |
| Enalean Tuleap | >=14.10, <14.10-2 | |
CVE-2023-35929 is a vulnerability in Tuleap Community Edition and Tuleap Enterprise Edition prior to certain versions.
CVE-2023-35929 has a severity rating of medium with a score of 5.4.
CVE-2023-35929 affects Tuleap Community Edition prior to version 14.10.99.4 and Tuleap Enterprise Edition prior to versions 14.10-2 and 14.9-5.
The CWE of CVE-2023-35929 is CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting").
To fix CVE-2023-35929, users should update to Tuleap Community Edition version 14.10.99.4 or later, and Tuleap Enterprise Edition versions 14.10-2 or 14.9-5 or later.