CVE-2023-48715

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 11, 2023
Updated: Feb 22, 2024
CWE ID 79

Summary

CVE-2023-48715 is a cross-site scripting vulnerability (CWE-79) in Tuleap, an open-source suite for software development and collaboration. It affects Tuleap Community Edition versions prior to 15.2.99.103 and Tuleap Enterprise Edition versions prior to 15.2-4 and 15.1-8. Release names are not properly escaped on the edition page, so a malicious user with the ability to create FRS releases can cause uncontrolled code to execute for a victim who has write permissions in the FRS. The issue is patched in Tuleap Community Edition 15.2.99.103 and in Tuleap Enterprise Edition 15.2-4 and 15.1-8. The vulnerability has a base severity rating of MEDIUM (CVSS score 5.4 out of 10); exploitation requires low privileges and user interaction.
