Security Intel Hub 26+

Tuleap CSRF Vulnerability (CVE-2026-24007) Advisory

Tuleap CVE-2025-65962 Missing CSRF in Tracker Field Dependencies

Tuleap Tracker Trigger Management CSRF Vulnerability (CVE-2025-64760)

Tuleap CSRF Vulnerability (CVE-2025-64498) Advisory

Tuleap File Release System Missing CSRF Protection (CVE-2025-64482)

Tuleap CVE-2021-43782 Indirect LDAP Injection Vulnerability Advisory

Tuleap Artifact Link Preview Permission Bypass Fix

### Key Information Summary #### 1. Vulnerability Fix Description: - **Fixes Request**: Fixes request #33608 - **Issue Description**: Preview of a linked artifact with a type does not respect permissi…

Tuleap CVE-2024-23344 Unauthorized Artifact Readability Vulnerability Advisory

### Vulnerability Key Information #### Vulnerability Description - **Name**: Content of artifacts might be readable by unauthorized users - **CVE ID**: CVE-2024-23344 - **Publisher**: LeSuisse - **Rel…

Tuleap Permission Bypass Vulnerability (CVE-2025-59040) GHSA Advisory

### Critical Vulnerability Information #### Vulnerability Title Backlog item representations do not verify the permissions of the child trackers #### Vulnerability ID GHSA-67xc-39v9-pffg #### Affected…

Tuleap Cross-Tracker Search Permission Verification Bypass (CVE-2025-54877)

### Critical Vulnerability Information #### Vulnerability Title - **Special and always there fields permissions are not verified in cross-tracker search** #### Severity - **CVSS v3 base metrics**: 5.3…

Tuleap User Enumeration via Lost Password Form (CVE-2025-52899)

### Critical Vulnerability Information #### Vulnerability Title - **User enumeration via the lost password form** #### Publisher and Date - **LeSuisse** published GHSA-xqf3-xxxf-x3c2 yesterday #### Af…

Tuleap CVE-2025-50179 Missing CSRF Protection Fix

### Critical Vulnerability Information #### Vulnerability Title - **Missing CSRF protection on tracker reports manipulation** #### Severity - **Level**: Moderate (4.6/10) #### Impact - **Description**…

Tuleap Tracker Canned Responses CSRF Vulnerability (CVE-2025-48991)

### Critical Vulnerability Information #### Vulnerability Title - **Missing CSRF protection on tracker canned responses administration** #### Severity - **Level**: Moderate - **CVSS v3 Base Metrics**:…

Tuleap REST API Parent Tracker Read Permission Bypass (CVE-2025-30155)

### Critical Vulnerability Information #### Vulnerability Title - **Read permission not enforced on parent tracker in the REST API** #### Severity - **Moderate** - **CVSS v3 Base Score**: 4.3 / 10 - A…

Jenkins PRB Plugin Permission Handling Fix

From this webpage screenshot, the following key vulnerability-related information can be extracted: - **Commit ID**: 346f2d5 - **Commit Description**: "Adjust permission handling in the REST endpoints…

Tuleap FRS Plugin REST Endpoint Improper Permission Handling (CVE-2025-30209)

### Critical Vulnerability Information #### Vulnerability Title - **Improper permission handling in the REST endpoints and release notes display of the FRS plugin** #### Severity - **Moderate** - **CV…

Tuleap RSS Widget XSS Vulnerability Advisory (CVE-2025-30203)

### Key Information #### Vulnerability Title - **XSS via the content of RSS feeds in the RSS widgets** #### Severity - **Moderate** - **CVSS v3 base metrics:** - Attack vector: Network - Attack comple…

Tuleap Missing CSRF Protection Vulnerability (CVE-2025-29929) Advisory

### Critical Vulnerability Information #### Vulnerability Title - **Missing CSRF protection on tracker hierarchy administration** #### Severity - **Moderate** - **CVSS v3 base metrics: 4.6/10** - Atta…