CNNVD-202511-1372 Information

CNNVD ID

CNNVD-202511-1372

CVE-2025-64117

  • CNNVD Published: 2025-11-12

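Description (translated from Chinese)

Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition are both editions of an open-source suite from Enalean designed to improve the management of software development and collaboration. Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition contain a security vulnerability caused by missing cross-site request forgery protection in SVN commit rules and immutable tags management, which could allow the rules to be tampered with.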

Description (English)

Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition are editions of an open-source suite from Enalean for improving the management of software development and collaboration. Both editions contain a security vulnerability: the SVN commit rules and immutable tags management lack cross-site request forgery (CSRF) protection, which could lead to tampering with the rules.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Enalean

Published

2025-11-12

Last Modified

2026-02-24

References

  • https://github.com/Enalean/tuleap/commit/f49419f63edbbaa31ce8417b737431d944827404
  • https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=f49419f63edbbaa31ce8417b737431d944827404
  • https://github.com/Enalean/tuleap/security/advisories/GHSA-p2f7-qw8p-f2p7
  • https://tuleap.net/plugins/tracker/?aid=45251
  • https://access.redhat.com/security/cve/cve-2025-64117

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-p2f7-qw8p-f2p7
