CVE-2021-41155
CVSS V2 Medium 6.5
CVSS V3 High 8.8
Description
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Overview
- CVE ID
- CVE-2021-41155
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2021-10-18T22:15:07
- Last Modified Date
- 2021-10-22T16:53:15
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:* | 1 | OR | 11.17.99.146 | |
| cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:* | 1 | OR | 11.16-1 | 11.16-7 |
| cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:* | 1 | OR | 11.17-1 | 11.17-5 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- SINGLE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.5
- Severity
- MEDIUM
- Exploitability Score
- 8
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.8
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd14 | Patch Third Party Advisory |
| https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546ee2d532e68a3febd07bdd14 | Patch Vendor Advisory |
| https://tuleap.net/plugins/tracker/?aid=16214 | Vendor Advisory |
| https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr | Patch Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-41155 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41155 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 06:50:06 | Added to TrackCVE | |||
| 2022-12-05 12:35:28 | 2021-10-18T22:15Z | 2021-10-18T22:15:07 | CVE Published Date | updated |
| 2022-12-05 12:35:28 | 2021-10-22T16:53:15 | CVE Modified Date | updated | |
| 2022-12-05 12:35:28 | Analyzed | Vulnerability Status | updated |