Cross-Site Request Forgery Vulnerability in Tuleap by Enalean
CVE-2025-29929

4.6MEDIUM

Key Information:

Vendor

Enalean

Status
Tuleap
Vendor
CVE Published:
31 March 2025

What is CVE-2025-29929?

Tuleap, an open-source suite for software development management, has a CSRF vulnerability affecting its tracker hierarchy administration. This flaw could allow attackers to deceive users into submitting or modifying artifacts or follow-up comments without their consent. The issue has been resolved in Tuleap Community Edition version 16.5.99.1742306712 and Tuleap Enterprise Edition versions 16.5-5 and 16.4-8, ensuring improved security for project collaboration.

Affected Version(s)

tuleap < 16.5.99.1742306712

References

https://github.com/Enalean/tuleap/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/dce61747f3a169da...
x_refsource_MISC
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=com...
x_refsource_MISC

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.