📦 Tuleap
by Enalean
⚠️ Known Vulnerabilities
CVE-2022-31058 is a SQL injection vulnerability in Tuleap's tracker report functionality. Attackers with permission to create new trackers can execute arbitrary SQL queries, potentially leading to dat...
CVE-2021-43806 is an SQL injection vulnerability in Tuleap's CVS repository browsing functionality. Authenticated users with read access to CVS repositories can execute arbitrary SQL queries, potentia...
This vulnerability allows attackers with read access to SVN core repositories in Tuleap to execute arbitrary SQL queries through SQL injection. It affects Tuleap Community and Enterprise Editions befo...
This SQL injection vulnerability in Tuleap Open ALM allows attackers with dashboard editing permissions to execute arbitrary SQL queries. It affects Tuleap Community Edition before version 11.16.99.17...
This CSRF vulnerability in Tuleap allows attackers to trick authenticated users into performing unauthorized actions, specifically creating artifact links from releases. All Tuleap users with access t...
CVE-2025-65962 is a Cross-Site Request Forgery (CSRF) vulnerability in Tuleap's tracker field dependencies that allows attackers to modify tracker fields without proper authorization. It affects ...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Tuleap project management software that allows attackers to trick authenticated users into changing tracker general settings wit...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Tuleap's planning management API. Attackers can trick authenticated users into unknowingly creating, editing, or deleting projec...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Tuleap that allows attackers to create or remove tracker triggers without proper authorization. All Tuleap Community Edition ver...
This CVE describes an authorization bypass vulnerability in Tuleap's file release system. Attackers can access file release information in projects they shouldn't have permission to view. This affects...
This vulnerability in Tuleap's forgot password form allows attackers to enumerate valid usernames by observing differences in response times or error messages. It affects all Tuleap Community Edition ...
This CVE describes an authorization bypass vulnerability in Tuleap where authenticated users can access confidential artifact information they shouldn't have permission to view. It affects Tuleap Comm...
This CVE describes a cross-site request forgery (CSRF) vulnerability in Tuleap that allows attackers to trick authenticated users into modifying canned responses. The vulnerability affects Tuleap Comm...
Tuleap's REST API fails to enforce read permissions on parent trackers, allowing authenticated users to access tracker data they shouldn't have permission to view. This affects all Tuleap installation...
This CVE describes a cross-site scripting (XSS) vulnerability in Tuleap's RSS widget functionality. Project administrators or users controlling RSS feeds can inject malicious scripts that execute in v...
This CSRF vulnerability in Tuleap allows attackers to trick authenticated users into unknowingly submitting or editing artifacts or follow-up comments by exploiting missing CSRF protection in tracker ...
CVE-2025-29766 is a Cross-Site Request Forgery (CSRF) vulnerability in Tuleap that allows attackers to trick authenticated users into submitting or editing tracker artifacts and comments without their...
This vulnerability in Tuleap allows authenticated users with access to any tracker to delete all criteria filters across all reports by repeatedly creating and deleting reports. This affects all Tulea...
This CVE describes a stored cross-site scripting (XSS) vulnerability in Tuleap's tracker semantic timeframe deletion messages. A tracker administrator can inject malicious scripts that execute in the ...
CVE-2025-24029 is an improper permissions vulnerability in Tuleap that allows users (including anonymous users in public project dashboards) to access artifacts they shouldn't have permission to view....
This vulnerability allows a malicious user with artifact creation permissions in a tracker with a Gantt chart to execute cross-site scripting (XSS) attacks against other users. The attacker can force ...
This vulnerability in Tuleap allows users to see tracker names they should not have access to due to improper handling of permissions. It affects all Tuleap Community and Enterprise Edition users runn...
This vulnerability in Tuleap allows users to receive email notifications containing information they shouldn't have access to, potentially exposing sensitive development data. It affects all Tuleap Co...
This vulnerability in Tuleap's document manager allows users to retain edit or manage permissions on sub-items when permissions are being restricted via the web UI. The checkbox 'Apply same permission...