CVE-2024-52599
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-52599
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52599.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-52599
- Aliases
-
- GHSA-489c-fm2j-qjw7
- Published
- 2024-12-09T18:41:35.060Z
- Modified
- 2025-12-01T17:52:39.194578Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin
- Details
-
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52599.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52599.json
- https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5
- https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7
- https://nvd.nist.gov/vuln/detail/CVE-2024-52599
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5
- https://tuleap.net/plugins/tracker/?aid=40459
Affected packages
Git / github.com/enalean/tuleap
Affected ranges
- Type
- GIT
- Repo
- https://github.com/enalean/tuleap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
10.*
10.0
10.1
10.10
10.11
10.2
10.3
10.4
10.5
10.6
10.7
10.8
10.9
11.*
11.0
11.1
11.10
11.11
11.12
11.13
11.14
11.15
11.16
11.17
11.18
11.2
11.3
11.4
11.5
11.6
11.7
11.8
11.9
12.*
12.0
12.1
12.10
12.11
12.12
12.2
12.3
12.4
12.5
12.6
12.7
12.8
12.9
13.*
13.0
13.1
13.10
13.11
13.12
13.2
13.3
13.4
13.5
13.6
13.7
13.8
13.9
14.*
14.0
14.1
14.10
14.11
14.12
14.2
14.3
14.4
14.5
14.6
14.7
14.8
14.9
15.*
15.0
15.1
15.10
15.11
15.12
15.13
15.2
15.3
15.4
15.5
15.6
15.7
15.8
15.9
16.*
16.0
16.1
Other
1839_conditions_on_dates_in_5_7_1
4.*
4.0.18
4.0.20
4.0.28
5.*
5.0.1
5.0.2
5.0.3
5.0.4
5.1.0
5.11
5.12
5.2
5.3
5.3.1
5.4
5.5
5.5.1
5.5.2
5.5.3
5.5.4
5.6
5.6.1
5.6.2
5.7
5.8
5.9
5.9.1
6.*
6.0
6.1
6.10
6.11
6.12
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9
7.*
7.0
7.1
7.10
7.11
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9
8.*
8.0
8.1
8.10
8.11
8.12
8.13
8.14
8.15
8.16
8.17
8.18
8.19
8.2
8.3
8.4
8.5
8.6
8.7
8.8
8.9
9.*
9.0
9.1
9.10
9.11
9.12
9.13
9.14
9.15
9.16
9.17
9.18
9.19
9.2
9.3
9.4
9.5
9.6
9.7
9.8
9.9
@tuleap/prism-language-tql_1.*
@tuleap/prism-language-tql_1.0.0
@tuleap/prism-language-tql_1.0.1
@tuleap/prism-language-tql_1.1.0
@tuleap/prism-language-tql_1.2.0
@tuleap/project-sidebar_1.*
@tuleap/project-sidebar_1.0.0
@tuleap/project-sidebar_1.0.1
@tuleap/project-sidebar_1.0.2
@tuleap/project-sidebar_1.1.0
@tuleap/project-sidebar_2.*
@tuleap/project-sidebar_2.1.0
@tuleap/project-sidebar_2.2.0
@tuleap/project-sidebar_2.2.1
@tuleap/project-sidebar_2.2.3
@tuleap/project-sidebar_2.2.4
@tuleap/project-sidebar_2.3.0
@tuleap/project-sidebar_2.4.0
@tuleap/project-sidebar_2.5.0
@tuleap/project-sidebar_2.6.0
@tuleap/project-sidebar_2.6.1