{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T11:02:08.340","vulnerabilities":[{"cve":{"id":"CVE-2025-29929","sourceIdentifier":"security-advisories@github.com","published":"2025-03-31T16:15:24.237","lastModified":"2025-08-21T22:07:11.397","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742306712 and Tuleap Enterprise Edition 16.5-5 and 16.4-8."},{"lang":"es","value":"Tuleap es una suite de código abierto que mejora la gestión del desarrollo de software y la colaboración. Tuleap carece de protección CSRF en la administración de la jerarquía de rastreadores. Un atacante podría usar esta vulnerabilidad para engañar a las víctimas y lograr que envíen o editen artefactos o comentarios de seguimiento. Esta vulnerabilidad está corregida en Tuleap Community Edition 16.5.99.1742306712 y Tuleap Enterprise Edition 16.5-5 y 16.4-8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"16.4-8","matchCriteriaId":"C9A97892-5CD1-4264-BBDE-843B91161A62"},{"vulnerable":true,"criteria":"cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*","versionEndExcluding":"16.5.99.1742306712","matchCriteriaId":"0913CB7A-B33F-4B9B-9531-F55216FB8CED"},{"vulnerable":true,"criteria":"cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"16.5","versionEndExcluding":"16.5-5","matchCriteriaId":"E08117D5-6EA5-490F-B78D-8EFDE5025837"}]}]}],"references":[{"url":"https://github.com/Enalean/tuleap/commit/dce61747f3a169da1f6b585ad5e6e0847fa3c950","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Enalean/tuleap/security/advisories/GHSA-hqqr-p5f6-26vv","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dce61747f3a169da1f6b585ad5e6e0847fa3c950","source":"security-advisories@github.com","tags":["Broken Link"]},{"url":"https://tuleap.net/plugins/tracker/?aid=42231","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}