Enalean — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting Enalean. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Enalean develops enterprise software solutions, primarily known for the Bugzilla bug tracking system and the Phabricator suite, which facilitate project management and code review for large-scale technical organizations. Historically, vulnerabilities within these platforms have frequently involved cross-site scripting (XSS), SQL injection, and improper access control mechanisms that could lead to privilege escalation. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity of these web-based applications and the rigorous scrutiny applied to their codebases. While no single catastrophic breach has defined the company’s public security history, the persistent nature of these flaws underscores the challenges inherent in maintaining secure, feature-rich collaboration tools. Security updates are regularly deployed to address these issues, emphasizing the need for administrators to maintain strict patching schedules to mitigate risks associated with unpatched instances.

Top products by Enalean: tuleap
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-47766 | Permissions are incorrectly verified for project administrators in the cross tracker search widget | tuleap | CWE-280 | 4.9 | Medium | 2024-10-14 |
| CVE-2024-46988 | Tuleap does not properly check permissions for email notifications in trackers | tuleap | CWE-280 | 4.8 | Medium | 2024-10-14 |
| CVE-2024-46980 | Tuleap vulnerable to XSS in the HTML mail content of the cross reference field | tuleap | CWE-79 | 4.8 | Medium | 2024-10-14 |
| CVE-2024-39902 | Tuleap's recursive permissions to document manager folder are not properly applied | tuleap | CWE-281 | 4.8 | Medium | 2024-07-22 |
| CVE-2024-37167 | Tuleap has improper permissions of the backlog items | tuleap | CWE-285 | 4.3 | Medium | 2024-06-25 |
| CVE-2024-30246 | Tuleap deleting or moving an artifact can delete values from unrelated artifacts | tuleap | CWE-440 | 7.6 | High | 2024-03-29 |
| CVE-2024-25130 | Tuleap's mass update clears the permissions on artifact field | tuleap | CWE-200 | 5.4 | Medium | 2024-02-22 |
| CVE-2024-23344 | Tuleap's content of artifacts might be readable by unauthorized users | tuleap | CWE-200 | 5.3 | Medium | 2024-02-06 |
| CVE-2023-48715 | Tuleap vulnerable to Cross-site Scripting on the edition page of a release | tuleap | CWE-79 | 5.4 | Medium | 2023-12-11 |
| CVE-2023-39521 | Tuleap vulnerable to Cross-site Scripting on the success message of a kanban deletion | tuleap | CWE-79 | 4.8 | Medium | 2023-08-24 |
| CVE-2023-38508 | Tuleap allows preview of a linked artifact with a type does not respect permissions | tuleap | CWE-285 | 6.5 | Medium | 2023-08-24 |
| CVE-2023-35929 | Tuleap Cross-site Scripting vulnerability in the card field of the agile dashboard apps | tuleap | CWE-79 | 5.4 | Medium | 2023-07-25 |
| CVE-2023-35938 | User access not updated with privilege change in Tuleap | tuleap | CWE-281 | 4.1 | Medium | 2023-06-29 |
| CVE-2023-32072 | Tuleap vulnerable to XSS via the triggered job URL of a Jenkins job | tuleap | CWE-79 | 4.8 | Medium | 2023-05-29 |
| CVE-2023-30619 | XSS in the tooltip via an artifact title | tuleap | CWE-79 | 5.4 | Medium | 2023-05-04 |
| CVE-2023-23938 | Cross-site Scripting (XSS) through the name of a color of select box values in tuleap | tuleap | CWE-79 | 5.9 | Medium | 2023-04-20 |
| CVE-2022-23473 | Tuleap MediaWiki standalone "readers" can also edit pages | tuleap | CWE-863 | 4.3 | Medium | 2022-12-13 |
| CVE-2022-46160 | Tuleap dashboards vulnerable to Incorrect Authorization | tuleap | CWE-863 | 4.3 | Medium | 2022-12-13 |
| CVE-2022-39233 | Tuleap subject to Missing Authorization allowing for branch prefix modification | tuleap | CWE-862 | 4.3 | Medium | 2022-10-19 |
| CVE-2022-31128 | Fine grained permissions are not checked in Tuleap | tuleap | CWE-862 | 5.4 | Medium | 2022-08-01 |
| CVE-2022-31058 | SQL injection via the field name of a tracker in Tuleap | tuleap | CWE-89 | 7.2 | High | 2022-06-29 |
| CVE-2022-31063 | Cross site scripting via the title of a document in Tuleap | tuleap | CWE-79 | 6.5 | Medium | 2022-06-29 |
| CVE-2022-31032 | Resources of private projects can be exposed in Tuleap | tuleap | CWE-200 | 4.3 | Medium | 2022-06-29 |
| CVE-2022-24896 | Tracker report renderer and chart widgets leak information in Tuleap | tuleap | CWE-862 | 4.3 | Medium | 2022-06-06 |
| CVE-2021-43806 | SQL injection in Tuleap | tuleap | CWE-89 | 8.8 | High | 2021-12-15 |
| CVE-2021-41276 | Indirect LDAP injection in Tuleap | tuleap | CWE-74 | 6.7 | Medium | 2021-12-15 |
| CVE-2021-43782 | Indirect LDAP injection in Tuleap | tuleap | CWE-90 | 6.7 | Medium | 2021-12-15 |
| CVE-2021-41154 | SQL injection in the "SVN core" commits browser | tuleap | CWE-89 | 8.8 | High | 2021-10-18 |
| CVE-2021-41155 | SQL injection in CVS revisions browser | tuleap | CWE-89 | 8.8 | High | 2021-10-18 |
| CVE-2021-41148 | The update of the CI job targeted by a widget is vulnerable to blind SQL injections | tuleap | CWE-89 | 8.8 | High | 2021-10-15 |

This page lists every published CVE security advisory associated with Enalean. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.