Cross-Site Request Forgery Vulnerability in Tuleap by Enalean
CVE-2025-29929
4.6MEDIUM
What is CVE-2025-29929?
Tuleap, an open-source suite for software development management, has a CSRF vulnerability affecting its tracker hierarchy administration. This flaw could allow attackers to deceive users into submitting or modifying artifacts or follow-up comments without their consent. The issue has been resolved in Tuleap Community Edition version 16.5.99.1742306712 and Tuleap Enterprise Edition versions 16.5-5 and 16.4-8, ensuring improved security for project collaboration.
Affected Version(s)
tuleap < 16.5.99.1742306712
References
CVSS V3.1
Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved