CNNVD-202512-1081 Information
CNNVD ID
CNNVD-202512-1081
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
Enalean Tuleap是法国Enalean公司的一个自由的开源工具。用于应用程序和系统开发的端到端可追溯性。 Enalean Tuleap存在跨站请求伪造漏洞,该漏洞源于跟踪器字段依赖缺少CSRF保护,可能导致修改跟踪器字段。
Description (English)
Enalean Tuleap is a free and open-source tool for the French company Enalean. End-to-end traceability for applications and system development. Enalean Tuleap has a cross-site request to forge a loophole, which stems from the fact that the tracker field relies on the lack of CSRF protection and may lead to changes in the tracker field.
Hazard Level
High
Vulnerability Type
跨站请求伪造
Affected Vendor
Enalean
Published
2025-12-09
Last Modified
2026-02-24
References
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=26678c5b411042e68964b199bf88a44607550633 https://tuleap.net/plugins/tracker/?aid=45632 https://github.com/Enalean/tuleap/security/advisories/GHSA-9hgc-cm68-rrgc https://github.com/Enalean/tuleap/commit/26678c5b411042e68964b199bf88a44607550633 https://access.redhat.com/security/cve/cve-2025-65962
Patch
https://github.com/Enalean/tuleap/tags
Share on: