CVE-2025-65962

Sažetak

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies, allowing attackers to modify tracker fields. This issue is fixed in Tuleap Community Edition version 17.0.99.1763803709 and Tuleap Enterprise Edition versions 17.0-4 and 16.13-9.

Reference

https://github.com/Enalean/tuleap/commit/26678c5b411042e68964b199bf88a44607550633
https://github.com/Enalean/tuleap/security/advisories/GHSA-9hgc-cm68-rrgc
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=26678c5b411042e68964b199bf88a44607550633
https://tuleap.net/plugins/tracker/?aid=45632

CVSS

Base:	4.6
Impact:	2.5
Exploitability:	2.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Zadnje važnije ažuriranje

10-12-2025 - 23:49

Objavljeno

09-12-2025 - 00:15