CVE-2021-41142

MEDIUM

Published 2021-10-14T16:05:13

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-41142. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

5.4

/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.005

probability

of exploitation in the wild

There is a 0.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.667

Higher than 66.7% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Impact Metrics

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Description

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachment to an artifact could force a victim to execute uncontrolled code. Tuleap Community Edition 11.17.99.146 and Tuleap Enterprise Edition 12.11-2 contain a fix for the issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Enalean

tuleap

Affected Versions:

< 12.11.99.25 >= 12.11-1, < 12.11-2

References

https://github.com/Enalean/tuleap/security/advisories/GHSA-p3j6-6h9h-34r5

https://github.com/Enalean/tuleap/commit/d6c837ed6fa66d319175954a42f93d4d86745208

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d6c837ed6fa66d319175954a42f93d4d86745208

https://tuleap.net/plugins/tracker/?aid=22570

Published: 2021-10-14T16:05:13

Last Modified: 2024-08-04T02:59:31.700Z

Copied to clipboard!