CNNVD-202512-856 Information

CNNVD ID

CNNVD-202512-856

CVE-2025-64760

  • CNNVD Published: 2025-12-08

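Description (translated from Chinese)

Enalean Tuleap is a free, open-source tool from the French company Enalean, used for end-to-end traceability of application and system development. Enalean Tuleap has a cross-site request forgery vulnerability, which stems from missing CSRF protection and may lead to tracker triggers being created or deleted.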

Description (English)

Enalean Tuleap is a free and open-source tool from the French company Enalean, used for end-to-end traceability of application and system development. Enalean Tuleap has a cross-site request forgery (CSRF) vulnerability, which stems from a lack of CSRF protection and could lead to the creation or deletion of tracker triggers.

Hazard Level

High

Vulnerability Type

Cross-site request forgery

Affected Vendor

Enalean

Published

2025-12-08

Last Modified

2026-02-24

References

  • https://github.com/Enalean/tuleap/commit/71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
  • https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
  • https://tuleap.net/plugins/tracker/?aid=45618
  • https://github.com/Enalean/tuleap/security/advisories/GHSA-f2xv-x3g6-4j9p
  • https://access.redhat.com/security/cve/cve-2025-64760

Patch

https://github.com/Enalean/tuleap/tags
