{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-52599","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-11-14T15:05:46.770Z","datePublished":"2024-12-09T18:41:35.060Z","dateUpdated":"2024-12-10T16:17:35.774Z"},"containers":{"cna":{"title":"Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin","problemTypes":[{"descriptions":[{"cweId":"CWE-79","lang":"en","description":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7","tags":["x_refsource_CONFIRM"],"url":"https://github.com/Enalean/tuleap/security/advisories/GHSA-489c-fm2j-qjw7"},{"name":"https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5","tags":["x_refsource_MISC"],"url":"https://github.com/Enalean/tuleap/commit/d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5"},{"name":"https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5","tags":["x_refsource_MISC"],"url":"https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=d3686ab152b6f64ff835e7dd3c99d97b36a9d4d5"},{"name":"https://tuleap.net/plugins/tracker/?aid=40459","tags":["x_refsource_MISC"],"url":"https://tuleap.net/plugins/tracker/?aid=40459"}],"affected":[{"vendor":"Enalean","product":"tuleap","versions":[{"version":"< 16.1.99.50","status":"affected"},{"version":"< 16.1-4","status":"affected"},{"version":"< 
16.0-7","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-12-09T18:41:35.060Z"},"descriptions":[{"lang":"en","value":"Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code in their browser through cross-site scripting (XSS) in the Gantt chart. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix."}],"source":{"advisory":"GHSA-489c-fm2j-qjw7","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-10T16:17:26.941524Z","id":"CVE-2024-52599","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-10T16:17:35.774Z"}}]}}