CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17298

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile12.10th
PublishedSep 21, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password.

Affected Platforms (CPE)

πŸ“¦
Enalean

Tuleap

< 10.5

References & Advisories

πŸ”— https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=4050b0aafd18346d9a6a06967bfb1170824dab17
πŸ”— https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b87d3b807f39c00371ebaa50f938cb0110113538
πŸ”— https://tuleap.net/plugins/tracker/?aid=12219
πŸ”— https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=4050b0aafd18346d9a6a06967bfb1170824dab17
πŸ”— https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b87d3b807f39c00371ebaa50f938cb0110113538
πŸ”— https://tuleap.net/plugins/tracker/?aid=12219

Related Vulnerabilities

CVE-2018-75389.8

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows atta...

CVE-2014-71789.3

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided ...

CVE-2018-76348.8

An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible ...

CVE-2017-74118.8

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() m...

CVE-2018-17298 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space