CVE-2024-52599
📋 TL;DR
This vulnerability allows a malicious user with artifact creation permissions in a tracker with a Gantt chart to execute cross-site scripting (XSS) attacks against other users. The attacker can force victims to execute uncontrolled JavaScript code in their browser context. This affects Tuleap Community Edition before 16.1.99.50 and Tuleap Enterprise Edition before 16.1-4 and 16.0-7.
💻 Affected Systems
- Tuleap Community Edition
- Tuleap Enterprise Edition
📦 What is this software?
Tuleap by Enalean
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could steal session cookies, perform actions as the victim, or redirect users to malicious sites, potentially leading to account compromise or data theft.
Likely Case
Attackers with tracker access could inject malicious scripts that execute in other users' browsers when viewing Gantt charts, potentially stealing session data or performing unauthorized actions.
If Mitigated
With proper input validation and output encoding, the XSS payload would be neutralized, preventing code execution.
🎯 Exploit Status
Exploitation requires authenticated access with artifact creation permissions in a tracker that has a Gantt chart; no public exploit is referenced in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Community Edition: 16.1.99.50; Enterprise Edition: 16.1-4 or 16.0-7
Vendor Advisory: https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7
Restart Required: Yes
Instructions:
1. Back up your Tuleap instance.
2. Update to the patched version via your package manager (apt/yum).
3. Restart the Tuleap services.
4. Verify that the update completed successfully and the running version is the patched one.
🔧 Temporary Workarounds
Disable Gantt charts in vulnerable trackers
- Temporarily disable Gantt chart functionality in trackers until patching can be completed.
- Navigate to tracker administration and disable the Gantt chart display.
Restrict artifact creation permissions
- Limit who can create artifacts in trackers with Gantt charts to trusted users only.
- Adjust tracker permissions to restrict artifact creation.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact
- Monitor and audit user activity in trackers with Gantt charts for suspicious behavior
🔍 How to Verify
Check if Vulnerable:
Check the Tuleap version via the web interface or the command line. If the version is below the patched version for your edition (Community: 16.1.99.50; Enterprise: 16.1-4 on the 16.1 branch, 16.0-7 on the 16.0 branch), the system is vulnerable.
Check Version:
tuleap info | grep 'Tuleap version' or check via web interface at /admin/
Verify Fix Applied:
Confirm version is 16.1.99.50 or higher for Community Edition, or 16.1-4/16.0-7 or higher for Enterprise Edition.
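As an added example (not from the advisory and not Tuleap's own tooling), a small Python checker that applies the fixed-version thresholds above to both edition version formats. The format of the `tuleap info` output line and the treatment of release branches other than 16.0 and 16.1 are assumptions.

```python
"""Added example: decide whether a reported Tuleap version is fixed for CVE-2024-52599."""
import re

# Fixed versions as stated in the advisory.
CE_FIXED = (16, 1, 99, 50)             # Community Edition
EE_FIXED = {(16, 1): 4, (16, 0): 7}    # Enterprise Edition: release branch -> first fixed build


def parse_ce(version: str) -> tuple[int, ...]:
    """Community Edition versions are dotted integers, e.g. '16.1.99.49'."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised Community Edition version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def parse_ee(version: str) -> tuple[tuple[int, int], int]:
    """Enterprise Edition versions are '<major>.<minor>-<build>', e.g. '16.1-3'."""
    match = re.fullmatch(r"(\d+)\.(\d+)-(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised Enterprise Edition version: {version!r}")
    return (int(match[1]), int(match[2])), int(match[3])


def is_vulnerable(edition: str, version: str) -> bool:
    """True when the version is below the fixed release for its edition."""
    if edition == "community":
        # Tuple comparison orders releases numerically, component by component.
        return parse_ce(version) < CE_FIXED
    if edition == "enterprise":
        branch, build = parse_ee(version)
        if branch in EE_FIXED:
            return build < EE_FIXED[branch]
        # Assumption: branches newer than 16.1 ship with the fix; older branches never received it.
        return branch < (16, 1)
    raise ValueError(f"unknown edition: {edition!r}")


def version_from_info(output: str) -> str:
    """Pull the version out of 'tuleap info' output. The line format is an assumption."""
    match = re.search(r"Tuleap version\s*[:=]?\s*(\S+)", output)
    if not match:
        raise ValueError("no 'Tuleap version' line found")
    return match[1]


if __name__ == "__main__":
    # Constructed sample output; a real run would use subprocess.run(["tuleap", "info"], ...).
    sample = "Tuleap version: 16.1.99.49\nPHP version: 8.2\n"
    found = version_from_info(sample)
    print(found, "vulnerable" if is_vulnerable("community", found) else "fixed")
```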
📡 Detection & Monitoring
Log Indicators:
- Unusual artifact creation patterns in trackers with Gantt charts
- JavaScript errors or suspicious content in Gantt chart requests
Network Indicators:
- Unexpected JavaScript payloads in tracker/Gantt-related HTTP requests
SIEM Query:
source="tuleap_logs" AND ("artifact creation" OR "gantt") AND suspicious_content
🔗 References
- https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5
- https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5
- https://tuleap.net/plugins/tracker/?aid=40459