SQL injection via the user settings of the CVS commits browser

High
LeSuisse published GHSA-x8fr-8gvw-cc4v Dec 15, 2021

Package

tuleap (tuleap)

Affected versions

< 13.2.99.155, >= 13.1-1 && < 13.1-7, >= 13.2-1 && < 13.2-6

Patched versions

13.2.99.155, 13.1-7, 13.2-6

Description

Tuleap does not properly sanitize user settings when constructing the SQL query used to browse and search commits in CVS repositories.

Impact

An authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repository are not impacted.
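
The pattern behind this class of bug, as an added illustration that is not Tuleap's code: a per-user setting (sort column, page size, filter value) is read back from storage and spliced into the commit-browsing query, so a value the user stored earlier becomes a second-order injection point. The snippet is written in Python against an in-memory SQLite table with a constructed schema and constructed setting names; it contrasts string interpolation with bound parameters plus an allow-list for identifiers, which cannot be bound.

```python
import sqlite3

# Constructed stand-in for a CVS commit table; not Tuleap's real schema.
SAMPLE_COMMITS = [
    (1, "alice", "Fix build", "2021-12-01"),
    (2, "bob", "Add tests", "2021-12-02"),
    (3, "carol", "Refactor parser", "2021-12-03"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cvs_commits "
                 "(id INTEGER, author TEXT, description TEXT, commit_date TEXT)")
    conn.executemany("INSERT INTO cvs_commits VALUES (?, ?, ?, ?)", SAMPLE_COMMITS)
    return conn

def browse_commits_unsafe(conn, settings):
    """Bug pattern: stored user settings are spliced into the SQL text.
    Settings persisted by the user are still attacker-controlled input."""
    sql = ("SELECT id FROM cvs_commits WHERE author = '%s' ORDER BY %s LIMIT %s"
           % (settings["author"], settings["order_by"], settings["limit"]))
    return [row[0] for row in conn.execute(sql)]

# Identifiers (column names) cannot be bound as parameters, so allow-list them.
ALLOWED_ORDER_COLUMNS = {"id", "author", "commit_date"}

def browse_commits_safe(conn, settings):
    """Hardened form: values are bound, identifiers are allow-listed,
    numeric settings are coerced and range-checked."""
    order_by = settings["order_by"]
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unsupported sort column in user settings")
    limit = int(settings["limit"])  # raises ValueError on non-numeric input
    if not 1 <= limit <= 100:
        raise ValueError("page size out of range")
    sql = f"SELECT id FROM cvs_commits WHERE author = ? ORDER BY {order_by} LIMIT ?"
    return [row[0] for row in conn.execute(sql, (settings["author"], limit))]

if __name__ == "__main__":
    # Constructed setting values: a stored filter that is not a plain author name.
    tainted = {"author": "alice' OR '1'='1", "order_by": "id", "limit": "10"}
    print(browse_commits_unsafe(make_db(), tainted))  # every row leaks: [1, 2, 3]
    print(browse_commits_safe(make_db(), tainted))    # literal match only: []
```

The same validation should run when a setting is saved, not only when it is read, so a bad value is rejected at the earliest point and never reaches the database.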

Patches

The following versions contain the fix:

  • Tuleap Community Edition 13.2.99.155
  • Tuleap Enterprise Edition 13.1-7
  • Tuleap Enterprise Edition 13.2-6

For more information

If you have any questions or comments about this advisory, reach out to us via the contact information provided on the Tuleap.org security page.

Severity

High (8.8 / 10)

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID

CVE-2021-43806
