CVE-2021-43782

Source
https://cve.org/CVERecord?id=CVE-2021-43782
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43782.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-43782
Related
  • GHSA-887w-pv2r-x8pm
  • GHSA-cwv9-hhm4-jr84
Published
2021-12-15T20:15:08.490Z
Modified
2026-01-31T16:38:42.326928Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. This is a follow-up to GHSA-887w-pv2r-x8pm/CVE-2021-41276; the initial fix was incomplete. Tuleap does not properly sanitize the search filter built from the ldapid attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing an update of the ldapuid attribute. Note that the malicious user needs either site administrator capability on the Tuleap instance or to be an LDAP operator with the capability to create or modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4.

References

Affected packages

Git / github.com/enalean/tuleap

Affected ranges

Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

10.*
10.0
10.1
10.10
10.11
10.2
10.3
10.4
10.5
10.6
10.7
10.8
10.9
11.*
11.0
11.1
11.10
11.11
11.12
11.13
11.14
11.15
11.16
11.17
11.18
11.2
11.3
11.4
11.5
11.6
11.7
11.8
11.9
12.*
12.0
12.1
12.10
12.11
12.12
12.2
12.3
12.4
12.5
12.6
12.7
12.8
12.9
13.*
13.0
13.1
13.2
Other
1839_conditions_on_dates_in_5_7_1
4.*
4.0.18
4.0.20
4.0.28
5.*
5.0.1
5.0.2
5.0.3
5.0.4
5.1.0
5.11
5.12
5.2
5.3
5.3.1
5.4
5.5
5.5.1
5.5.2
5.5.3
5.5.4
5.6
5.6.1
5.6.2
5.7
5.8
5.9
5.9.1
6.*
6.0
6.1
6.10
6.11
6.12
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9
7.*
7.0
7.1
7.10
7.11
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9
8.*
8.0
8.1
8.10
8.11
8.12
8.13
8.14
8.15
8.16
8.17
8.18
8.19
8.2
8.3
8.4
8.5
8.6
8.7
8.8
8.9
9.*
9.0
9.1
9.10
9.11
9.12
9.13
9.14
9.15
9.16
9.17
9.18
9.19
9.2
9.3
9.4
9.5
9.6
9.7
9.8
9.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43782.json"