CVE-2021-41154

Sažetak

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

Reference

https://tuleap.net/plugins/tracker/?aid=16213
https://github.com/Enalean/tuleap/commit/ab12b686ced4cf233d3b15b08da008e0553eb6a6
https://github.com/Enalean/tuleap/security/advisories/GHSA-6462-gfv9-jf83
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ab12b686ced4cf233d3b15b08da008e0553eb6a6

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

22-10-2021 - 16:33

Objavljeno

18-10-2021 - 22:15