CVE-2023-35929
CVSS V2 None
CVSS V3 None
Description
Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix.
Overview
- CVE ID
- CVE-2023-35929
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-25T17:30:22.017Z
- Last Modified Date
- 2023-07-25T17:30:22.017Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/Enalean/tuleap/security/advisories/GHSA-xhjp-4rjf-q268 | x_refsource_CONFIRM |
| https://github.com/Enalean/tuleap/commit/0b2945fbd260d37aa0aff2ca1c867d160f76188d | x_refsource_MISC |
| https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0b2945fbd260d37aa0aff2ca1c867d160f76188d | x_refsource_MISC |
| https://tuleap.net/plugins/tracker/?aid=32629 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-35929 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35929 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 19:33:38 | Added to TrackCVE |