CVE-2025-27402

4 Mar 2025

Jose Alexis Correa Valencia
0 Comentarios

Título es
CVE-2025-27402

Mar, 04/03/2025 – 17:15

Tipo
CWE-352

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27402

Descripción en
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
4.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://github.com/Enalean/tuleap/commit/ea6319e2ad40beeda335af4ccd7a204a6912765c

https://github.com/Enalean/tuleap/security/advisories/GHSA-66pg-cpjf-2mfg

https://tuleap.net/plugins/tracker/?aid=41857

Enviar en el boletín
Off