CVE-2021-41155

moderate-risk
Published 2021-10-18

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

Do I need to act?

-
0.85% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Enalean

References (8)

Patch https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd1...
Patch https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
Patch https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546...
Vendor Advisory https://tuleap.net/plugins/tracker/?aid=16214
Patch https://github.com/Enalean/tuleap/commit/ff75f2899c60a4546ee2d532e68a3febd07bdd1...
Patch https://github.com/Enalean/tuleap/security/advisories/GHSA-f8jp-hx4q-wxvr
Patch https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ff75f2899c60a4546...
Vendor Advisory https://tuleap.net/plugins/tracker/?aid=16214
40
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 3/34 · Minimal
Exposure 7/34 · Low