Thomas Gerbet

34 exploits Active since Nov 2017
CVE-2025-30209 WRITEUP MEDIUM WRITEUP
Tuleap < 16.4-10 and < 16.5.99.1742812323 - Incorrect Authorization via FRS REST Endpoints
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10.
CVSS 5.3
CVE-2025-48991 WRITEUP MEDIUM WRITEUP
Tuleap < 16.7-5 and < 16.8.99.1748845907 - Cross-Site Request Forgery
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1748845907, Tuleap Enterprise Edition 16.8-3, and Tuleap Enterprise Edition 16.7-5 contain a fix for the vulnerability.
CVSS 4.6
CVE-2025-50179 WRITEUP MEDIUM WRITEUP
Tuleap <16.8.99.1749830289, <16.9-1 - CSRF
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1749830289 and Tuleap Enterprise Edition 16.9-1 contain a patch for the issue.
CVSS 4.6
CVE-2025-53902 WRITEUP MEDIUM WRITEUP
Tuleap <16.9.99.1752585665, <16.8-6, <16.9-5 - Info Disclosure
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5.
CVSS 4.3
CVE-2025-59040 WRITEUP MEDIUM WRITEUP
Tuleap < 16.11.99.1757427600 - Insufficient Permission Validation in Backlog Item Representation
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.11.99.1757427600 and Tuleap Enterprise Edition 16.11-6 and 16.10-8.
CVSS 4.3
CVE-2025-64482 WRITEUP MEDIUM WRITEUP
Tuleap < 16.13.99.1762267347 / < 17.0-1, 16.13-6, 16.12-9 - Cross-Site Request Forgery
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file release system. An attacker could use this vulnerability to trick victims into changing the commit rules or immutable tags of a SVN repo. Tuleap Community Edition 16.13.99.1762267347, Tuleap Enterprise Edition 17.0-1, Tuleap Enterprise Edition 16.13-6, and Tuleap Enterprise Edition 16.12-9 fix the issue.
CVSS 4.6
CVE-2025-64497 WRITEUP MEDIUM WRITEUP
Tuleap < 16.12-10, < 17.0.99.1762431347 - Unauthorized File Release System Information Access
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.
CVSS 6.5
CVE-2025-64499 WRITEUP MEDIUM WRITEUP
Tuleap < 16.12-10, < 17.0.99.1762456922 - Cross-Site Request Forgery via Planning Management API
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.
CVSS 4.6
CVE-2025-64760 WRITEUP MEDIUM WRITEUP
Tuleap < 16.13-8 and < 17.0.99.1763126988 - Cross-Site Request Forgery
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.
CVSS 4.6