enalean tuleap Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of enalean tuleap's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High7

Medium55

Low0

9 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of enalean tuleap's CVEs are currently listed in CISA's KEV catalog.

Public exploits

22 of enalean tuleap's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every enalean tuleap version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

1839_conditions_on_dates_in_5_7_162 CVEs
4.0.1862 CVEs
4.0.2062 CVEs
4.0.2862 CVEs
5.0.162 CVEs
5.0.262 CVEs
5.0.362 CVEs
5.0.462 CVEs
5.1.062 CVEs
5.1162 CVEs
5.1262 CVEs
5.262 CVEs
5.362 CVEs
5.3.162 CVEs
5.462 CVEs
5.562 CVEs
5.5.162 CVEs
5.5.262 CVEs
5.5.362 CVEs
5.5.462 CVEs
5.662 CVEs
5.6.162 CVEs
5.6.262 CVEs
5.762 CVEs
5.862 CVEs
5.962 CVEs
5.9.162 CVEs
6.062 CVEs
6.162 CVEs
6.1062 CVEs
6.1162 CVEs
6.1262 CVEs
6.262 CVEs
6.362 CVEs
6.462 CVEs
6.562 CVEs
6.662 CVEs
6.762 CVEs
6.862 CVEs
6.962 CVEs
7.062 CVEs
7.162 CVEs
7.1062 CVEs
7.1162 CVEs
7.262 CVEs
7.362 CVEs
7.462 CVEs
7.562 CVEs
7.662 CVEs
7.762 CVEs
7.862 CVEs
7.962 CVEs
8.062 CVEs
8.162 CVEs
8.1062 CVEs
8.1162 CVEs
8.1262 CVEs
8.1362 CVEs
8.1462 CVEs
8.1562 CVEs
8.1662 CVEs
8.1762 CVEs
8.1862 CVEs
8.1962 CVEs
8.262 CVEs
8.362 CVEs
8.462 CVEs
8.562 CVEs
8.662 CVEs
8.762 CVEs
8.862 CVEs
8.962 CVEs
9.062 CVEs
9.162 CVEs
9.262 CVEs
9.362 CVEs
9.462 CVEs
9.562 CVEs
9.662 CVEs
9.1060 CVEs
9.1160 CVEs
9.1260 CVEs
9.1360 CVEs
9.1460 CVEs
9.1560 CVEs
9.1660 CVEs
9.1760 CVEs
9.760 CVEs
9.860 CVEs
9.960 CVEs
10.058 CVEs
10.158 CVEs
10.258 CVEs
10.358 CVEs
10.458 CVEs
9.1858 CVEs
9.1958 CVEs
10.1057 CVEs
10.1157 CVEs
10.557 CVEs
10.657 CVEs
10.757 CVEs
10.857 CVEs
10.957 CVEs
11.057 CVEs
11.157 CVEs
11.1057 CVEs
11.1157 CVEs
11.1257 CVEs
11.1357 CVEs
11.1457 CVEs
11.1557 CVEs
11.1657 CVEs
11.257 CVEs
11.357 CVEs
11.457 CVEs
11.557 CVEs
11.657 CVEs
11.757 CVEs
11.857 CVEs
11.957 CVEs
11.1755 CVEs
11.1853 CVEs
12.053 CVEs
12.153 CVEs
12.1053 CVEs
12.1153 CVEs
12.253 CVEs
12.353 CVEs
12.453 CVEs
12.553 CVEs
12.653 CVEs
12.753 CVEs
12.853 CVEs
12.953 CVEs
12.1252 CVEs
13.052 CVEs
13.152 CVEs
13.252 CVEs
@tuleap/project-sidebar_1.0.049 CVEs
@tuleap/project-sidebar_1.0.149 CVEs
@tuleap/project-sidebar_1.0.249 CVEs
@tuleap/project-sidebar_1.1.049 CVEs
@tuleap/project-sidebar_2.2.049 CVEs
13.349 CVEs
13.449 CVEs
13.549 CVEs
13.649 CVEs
13.749 CVEs
13.848 CVEs
13.948 CVEs
@tuleap/project-sidebar_2.1.047 CVEs
13.1045 CVEs
13.1144 CVEs
13.1244 CVEs
14.044 CVEs
14.143 CVEs
14.243 CVEs
14.343 CVEs
14.443 CVEs
14.543 CVEs
14.642 CVEs
14.742 CVEs
14.841 CVEs
14.940 CVEs
@tuleap/project-sidebar_2.2.139 CVEs
14.1039 CVEs
@tuleap/project-sidebar_2.2.338 CVEs
@tuleap/project-sidebar_2.2.438 CVEs
14.1138 CVEs
@tuleap/project-sidebar_2.3.036 CVEs
@tuleap/project-sidebar_2.4.036 CVEs
@tuleap/project-sidebar_2.5.036 CVEs
14.1236 CVEs
15.036 CVEs
15.136 CVEs
15.236 CVEs
@tuleap/project-sidebar_2.6.035 CVEs
@tuleap/project-sidebar_2.6.135 CVEs
15.335 CVEs
15.435 CVEs
15.534 CVEs
15.633 CVEs
15.733 CVEs
15.832 CVEs
15.932 CVEs
15.1031 CVEs
@tuleap/prism-language-tql_1.0.030 CVEs
@tuleap/prism-language-tql_1.0.130 CVEs
15.1130 CVEs
15.1230 CVEs
15.1330 CVEs
@tuleap/prism-language-tql_1.1.027 CVEs
@tuleap/prism-language-tql_1.2.027 CVEs
16.027 CVEs
16.127 CVEs
16.226 CVEs
16.326 CVEs
16.426 CVEs
tuleap_additional_tools_0.0.126 CVEs
tuleap_additional_tools_0.0.226 CVEs
16.520 CVEs
16.615 CVEs
16.715 CVEs
16.815 CVEs
tuleap_additional_tools_0.0.315 CVEs
16.913 CVEs
16.1010 CVEs
16.119 CVEs
@tuleap/project-sidebar_2.7.08 CVEs
16.128 CVEs
16.138 CVEs
17.05 CVEs
@tuleap/project-sidebar_2.7.13 CVEs
@tuleap/project-sidebar_2.7.23 CVEs
Tuleap Enterprise Edition < 16.12-103 CVEs
Tuleap Enterprise Edition < 16.13-73 CVEs
< 11.16.99.1732 CVEs
< 15.12-62 CVEs
< 15.12-82 CVEs
< 15.13-32 CVEs
< 15.13-52 CVEs
>= 11.15-1, < 11.15-82 CVEs
>= 11.16-1, < 11.16-62 CVEs
>= 11.16-1, < 11.16-72 CVEs
>= 11.17-1, < 11.17-52 CVEs
Tuleap Community Edition < 14.11.99.282 CVEs
Tuleap Enterprise Edition < 14.10-62 CVEs
Tuleap Enterprise Edition < 17.0-22 CVEs
@tuleap/project-sidebar_2.7.31 CVE
< 11.17.99.1441 CVE
< 11.17.99.1461 CVE
< 12.11.99.251 CVE
< 13.2.99.1551 CVE
< 13.2.99.311 CVE
< 13.2.99.831 CVE
< 15.1-81 CVE
< 15.13.99.1101 CVE
< 15.13.99.1131 CVE
< 15.13.99.371 CVE
< 15.13.99.401 CVE
< 15.2.99.1031 CVE
< 15.4-71 CVE
< 15.5.99.761 CVE
< 16.0-71 CVE
< 16.1-41 CVE
< 16.1.99.501 CVE
< 16.7-51 CVE
< 16.8-31 CVE
< 16.8.99.17488459071 CVE
< 16.8.99.17498302891 CVE
< 16.9-11 CVE
>= 12.11-1, < 12.11-21 CVE
>= 13.1-1, < 13.1-61 CVE
>= 13.1-1, < 13.1-51 CVE
>= 13.1-1, < 13.1-71 CVE
>= 13.2-1, < 13.2-31 CVE
>= 13.2-1, < 13.2-41 CVE
>= 13.2-1, < 13.2-61 CVE
>= 15.2, < 15.2-41 CVE
>= 15.5, < 15.5-41 CVE
17.11 CVE
17.21 CVE
Community Edition < 14.8.99.601 CVE
Enterprise Edition < 14.7-71 CVE
Enterprise Edition >= 14.8, < 14.8-31 CVE
Tuleap Community Edition < 14.10.99.41 CVE
Tuleap Enterprise Edition < 16.12-91 CVE
Tuleap Enterprise Edition < 16.13-61 CVE
Tuleap Enterprise Edition < 17.0-11 CVE
Tuleap Enterprise Edition < 17.0-21 CVE
Tuleap Enterprise Edition < 17.0-41 CVE
Tuleap Enterprise Edition < 14.9-51 CVE
Tuleap Enterprise Edition < 16.10-51 CVE
Tuleap Enterprise Edition < 16.12-81 CVE
Tuleap Enterprise Edition < 16.13-51 CVE
Tuleap Enterprise Edition < 16.13-81 CVE
Tuleap Enterprise Edition < 16.13-91 CVE
Tuleap Enterprise Edition < 16.8-41 CVE
Tuleap Enterprise Edition < 16.8-51 CVE
Tuleap Enterprise Edition < 16.8-61 CVE
Tuleap Enterprise Edition < 16.9-81 CVE
Tuleap Enterprise Edition < 17.0-31 CVE

Fixed in

16.3-114 CVEs
16.4-64 CVEs
16.4-84 CVEs
13.8.63 CVEs
13.9.33 CVEs
13.9.99.1113 CVEs
16.12-103 CVEs
16.13-73 CVEs
16.5-53 CVEs
17.0-23 CVEs
11.15-82 CVEs
11.16-62 CVEs
11.16-72 CVEs
11.16.99.1732 CVEs

Find a version

71 CVEs

Sort

Tuleap is missing CSRF protection in the Overview inconsistent items
CVE-2026-24007
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.0% (1th pct)2026-02-02
Tuleap has missing CSRF protections its in tracker field dependencies
CVE-2025-65962
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.0% (4th pct)2025-12-08
Tuleap has missing CSRF protections in its tracker trigger management system
CVE-2025-64760
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.0% (4th pct)2025-12-08
Tuleap is missing CSRF protections for its planning management API
CVE-2025-64499
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.0% (5th pct)2025-12-08
Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability
CVE-2025-64498
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.0% (4th pct)2025-12-08
Tuleap exposes releases for all projects to File Release System project administrators
CVE-2025-64497
Patch
CWE-639
Medium · CVSS 6.5
EPSS 0.0% (14th pct)2025-12-08
Tuleap missing CSRF protections in the File Release System
CVE-2025-64482
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.0% (5th pct)2025-11-12
Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags
CVE-2025-64117
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.0% (5th pct)2025-11-12
Tuleap backlog item representations do not verify the permissions of the child trackers
CVE-2025-59040
Patch
CWE-280
Medium · CVSS 4.3
EPSS 0.1% (17th pct)2025-09-18
Tuleap's special and always there fields permissions are not verified in cross-tracker search
CVE-2025-54877
Patch
CWE-863
Medium · CVSS 5.3
EPSS 0.1% (21th pct)2025-08-29
Tuleap exposes artifacts to a mentioned user via email notifications
CVE-2025-53902
Public exploit
Patch
CWE-863
Medium · CVSS 4.3
EPSS 0.2% (47th pct)2025-07-29
Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact
CVE-2025-53541
Public exploit
Patch
CWE-79
Medium · CVSS 5.4
EPSS 0.2% (39th pct)2025-07-29
Tuleap vulnerable to user enumeration via the lost password form
CVE-2025-52899
Patch
CWE-204
Medium · CVSS 5.3
EPSS 0.4% (58th pct)2025-07-29
Tuleap missing CSRF protection on tracker reports manipulation
CVE-2025-50179
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.1% (24th pct)2025-06-25
Tuleap missing CSRF protection on tracker canned responses administration
CVE-2025-48991
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.1% (24th pct)2025-06-25
Tuleap does not enforce read permissions on parent trackers in the REST API
CVE-2025-30155
Patch
CWE-863
Medium · CVSS 4.3
EPSS 0.2% (44th pct)2025-03-31
Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin
CVE-2025-30209
Patch
CWE-863
Medium · CVSS 5.3
EPSS 0.4% (61th pct)2025-03-31
Tuleap allows XSS via the content of RSS feeds in the RSS widgets
CVE-2025-30203
Public exploit
Patch
CWE-84
Medium · CVSS 4.8
EPSS 0.3% (52th pct)2025-03-31
Tuleap is missing CSRF protection on tracker hierarchy administration
CVE-2025-29929
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.3% (49th pct)2025-03-31
Tuleap has missing CSRF protections on artifact submission & edition from the tracker view
CVE-2025-29766
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.3% (49th pct)2025-03-31
Tuleap is missing CSRF protections on tracker fields administrative operations
CVE-2025-27402
Patch
CWE-352
Medium · CVSS 4.6
EPSS 0.2% (37th pct)2025-03-04
In Tuleap, deleting a report can delete criteria filters in other reports
CVE-2025-27401
Patch
CWE-440
Medium · CVSS 4.6
EPSS 0.2% (36th pct)2025-03-04
Tuleap allows content injection via emails sent by the mass emailing features
CVE-2025-27156
Patch
CWE-79
Medium · CVSS 4.1
EPSS 0.7% (73th pct)2025-03-04
Tuleap dumps the Redis password into the generated troubleshooting archives
CVE-2025-27150
Patch
CWE-538
Medium · CVSS 5.3
EPSS 0.4% (63th pct)2025-03-04
Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message
CVE-2025-27099
Public exploit
Patch
CWE-80
Medium · CVSS 4.8
EPSS 0.2% (44th pct)2025-03-03
Tuleap allows default values to be cleared from field configuration
CVE-2025-27094
Public exploit
Patch
CWE-440
Medium · CVSS 5.4
EPSS 0.2% (40th pct)2025-03-03
Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap
CVE-2025-22129
Public exploit
Patch
CWE-280
Medium · CVSS 4.3
EPSS 0.3% (49th pct)2025-02-03
Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap
CVE-2025-24029
Patch
CWE-280
Medium · CVSS 5.3
EPSS 0.3% (55th pct)2025-02-03
Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin
CVE-2024-52599
Public exploit
Patch
CWE-79
Medium · CVSS 5.4
EPSS 0.2% (37th pct)2024-12-09
Medium vulnerability · 2024-10-14
CVE-2024-47767
Public exploit
Patch
CWE-280
Medium · CVSS 4.3
EPSS 0.3% (57th pct)2024-10-14

Showing 30 of 71

Severity and exploitation

enalean tuleap Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other enalean products

Frequently asked questions

How many CVEs does enalean tuleap have?

How many enalean tuleap CVEs are in CISA KEV?

Are there public exploits for enalean tuleap vulnerabilities?

Which versions of enalean tuleap are affected?

What are the most common weakness types in enalean tuleap CVEs?

What is the average severity of enalean tuleap CVEs?

References

Track enalean tuleap vulnerabilities