Vendor: Tuleap
By: Jerzy Kramarz
CVSS: 7,5 HIGH
XML External Entity Injection
CWE: 611
Product Name: Tuleap
Affected Version From: 7.2
Affected Version To: 7.2
Patch Exists: YES
Related CWE: CVE-2014-7177
CPE: a:enalean:tuleap
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2014
Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap
Multiple XML External Entity Injection vulnerabilities have been found and confirmed within the software, reachable as an authenticated user. A successful attack could allow an authenticated attacker to access local system files. The following example vectors can be used as PoC to confirm the vulnerability.
Mitigation:
Upgrade to Tuleap 7.4.99.5 or later