Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-11T18:40:10.936Z
Updated: 2024-08-02T21:37:54.626Z
Reserved: 2023-11-17T19:43:37.555Z
Link: CVE-2023-48715
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-11T19:15:08.860
Modified: 2024-02-22T19:15:08.410
Link: CVE-2023-48715
Redhat
No data.