CVE-2021-43806

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43806
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43806.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43806
Related
  • GHSA-x8fr-8gvw-cc4v
Published
2021-12-15T20:15:08Z
Modified
2025-01-15T02:07:37.395333Z
Summary
[none]
Details

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.

References

Affected packages

Git / github.com/enalean/tuleap

Affected ranges

Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

10.*

10.0
10.1
10.10
10.11
10.2
10.3
10.4
10.5
10.6
10.7
10.8
10.9

11.*

11.0
11.1
11.10
11.11
11.12
11.13
11.14
11.15
11.16
11.17
11.18
11.2
11.3
11.4
11.5
11.6
11.7
11.8
11.9

12.*

12.0
12.1
12.10
12.11
12.12
12.2
12.3
12.4
12.5
12.6
12.7
12.8
12.9

13.*

13.0
13.1
13.2

Other

1839_conditions_on_dates_in_5_7_1

4.*

4.0.18
4.0.20
4.0.28

5.*

5.0.1
5.0.2
5.0.3
5.0.4
5.1.0
5.11
5.12
5.2
5.3
5.3.1
5.4
5.5
5.5.1
5.5.2
5.5.3
5.5.4
5.6
5.6.1
5.6.2
5.7
5.8
5.9
5.9.1

6.*

6.0
6.1
6.10
6.11
6.12
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9

7.*

7.0
7.1
7.10
7.11
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9

8.*

8.0
8.1
8.10
8.11
8.12
8.13
8.14
8.15
8.16
8.17
8.18
8.19
8.2
8.3
8.4
8.5
8.6
8.7
8.8
8.9

9.*

9.0
9.1
9.10
9.11
9.12
9.13
9.14
9.15
9.16
9.17
9.18
9.19
9.2
9.3
9.4
9.5
9.6
9.7
9.8
9.9