CVE-2024-46980
CVSS V2 None
CVSS V3 None
Description
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.
Overview
- CVE ID
- CVE-2024-46980
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-14T17:41:58.663Z
- Last Modified Date
- 2024-10-14T17:44:00.617Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/Enalean/tuleap/security/advisories/GHSA-9fc9-47h6-82jj | x_refsource_CONFIRM |
https://github.com/Enalean/tuleap/commit/dd94a799982cd78ab06142008d745edf9e8fd494 | x_refsource_MISC |
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dd94a799982cd78ab06142008d745edf9e8fd494 | x_refsource_MISC |
https://tuleap.net/plugins/tracker/?aid=39689 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-46980 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46980 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-15 13:06:58 | Added to TrackCVE |