CNNVD-202511-1317 Information

CNNVD ID

CNNVD-202511-1317

CVE-2025-64482

  • CNNVD Published: 2025-11-12

Description (Chinese)

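Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition are both editions of an open-source suite from Enalean designed to improve the management of software development and collaboration. Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition contain a cross-site request forgery vulnerability. The vulnerability stems from missing cross-site request forgery protection and may allow SVN repository commit rules or immutable tags to be modified. The following versions are affected: Tuleap Community Edition versions before 16.13.99.1762267347, and Tuleap Enterprise Edition versions before 17.01, versions 16.13 through 16.13-6, and versions 16.12 through 16.12-9.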

Description (English)

Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition are editions of Enalean's open-source suite for managing software development and collaboration. Both are affected by a cross-site request forgery (CSRF) vulnerability caused by missing CSRF protection, which may allow the commit rules or immutable tags of an SVN repository to be modified. Affected versions: Tuleap Community Edition before 16.13.99.1762267347; Tuleap Enterprise Edition before 17.01, 16.13 through 16.13-6, and 16.12 through 16.12-9.

Hazard Level

High

Vulnerability Type

Cross-site request forgery

Affected Vendor

Enalean

Published

2025-11-12

Last Modified

2026-02-24

References

  • https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=899b5c1693324211947b72f2810ae8944e1bd0d5
  • https://tuleap.net/plugins/tracker/?aid=45259
  • https://github.com/Enalean/tuleap/commit/899b5c1693324211947b72f2810ae8944e1bd0d5
  • https://github.com/Enalean/tuleap/security/advisories/GHSA-w7h4-9vf6-q7rc
  • https://access.redhat.com/security/cve/cve-2025-64482

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-w7h4-9vf6-q7rc
