We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-52599

Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin



Description

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.

Reserved 2024-11-14 | Published 2024-12-09 | Updated 2024-12-10 | Assigner GitHub_M


MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 16.1.99.50
affected

< 16.1-4
affected

< 16.0-7
affected

References

github.com/...tuleap/security/advisories/GHSA-489c-fm2j-qjw7

github.com/...ommit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5

tuleap.net/...mit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5

tuleap.net/plugins/tracker/?aid=40459

cve.org (CVE-2024-52599)

nvd.nist.gov (CVE-2024-52599)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-52599

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.