CNNVD-202512-855 Information
CNNVD ID
CNNVD-202512-855
Related CVE
-
CNNVD Published: 2025-12-08
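Description (Chinese, translated)
Enalean Tuleap is a free and open-source tool from the French company Enalean, used for end-to-end traceability of application and system development. Enalean Tuleap has a cross-site request forgery vulnerability, which stems from missing CSRF protection in the planning management API and could lead to plans being created, edited or deleted.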
Description (English)
Enalean Tuleap is a free and open-source tool from the French company Enalean, used for end-to-end traceability of application and system development. Enalean Tuleap has a cross-site request forgery (CSRF) vulnerability, which arises from the lack of CSRF protection in the planning management API and could lead to the creation, editing or deletion of plans.
Hazard Level
High
Vulnerability Type
Cross-site request forgery
Affected Vendor
Enalean
Published
2025-12-08
Last Modified
2026-02-24
References
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526
https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526
https://tuleap.net/plugins/tracker/?aid=45592
https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x
https://access.redhat.com/security/cve/cve-2025-64499
Patch
https://github.com/Enalean/tuleap/tags