CVE-2021-41147
- Source
- https://cve.org/CVERecord?id=CVE-2021-41147
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41147.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-41147
- Related
- Published
- 2021-10-15T14:15:08.247Z
- Modified
- 2026-04-10T04:38:35.298713Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.
- References
-
- https://github.com/Enalean/tuleap/commit/d6b2f8b8c5098938bc094726a4826479ddbee941
- https://github.com/Enalean/tuleap/security/advisories/GHSA-j2mq-65wv-prmp
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d6b2f8b8c5098938bc094726a4826479ddbee941
- https://tuleap.net/plugins/tracker/?aid=15131
Affected packages
Git / github.com/enalean/tuleap
Affected ranges
- Type
- GIT
- Repo
- https://github.com/enalean/tuleap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/enalean/tuleap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41147.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.16.99.173"
}
]
},
{
"events": [
{
"introduced": "11.15-1"
},
{
"fixed": "11.15-8"
}
]
},
{
"events": [
{
"introduced": "11.16-1"
},
{
"fixed": "11.16-6"
}
]
}
]