CVE-2021-41154
moderate-risk
Published 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.
Do I need to act?
- 0.85% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 · High · NETWORK / LOW complexity
Affected Vendors
References (8)
Third Party Advisory
https://github.com/Enalean/tuleap/security/advisories/GHSA-6462-gfv9-jf83
Vendor Advisory
https://tuleap.net/plugins/tracker/?aid=16213
40 / 100 · moderate-risk
Severity
30/34 · Critical
Exploitability
3/34 · Minimal
Exposure
7/34 · Low