{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "11.16.99.173" } ] }, { "events": [ { "introduced": "11.15-1" }, { "fixed": "11.15-8" } ] }, { "events": [ { "introduced": "11.16-1" }, { "fixed": "11.16-6" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "d6b2f8b8c5098938bc094726a4826479ddbee941" } ], "repo": "https://github.com/enalean/tuleap", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "d6b2f8b8c5098938bc094726a4826479ddbee941" } ], "repo": "https://github.com/enalean/tuleap", "type": "GIT" } ] } ], "details": "Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.", "id": "CVE-2021-41147", "modified": "2026-03-13T21:48:23.842711820Z", "published": "2021-10-15T14:15:08.247Z", "references": [ { "type": "FIX", "url": "https://github.com/Enalean/tuleap/commit/d6b2f8b8c5098938bc094726a4826479ddbee941" }, { "type": "FIX", "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-j2mq-65wv-prmp" }, { "type": "FIX", "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit\u0026h=d6b2f8b8c5098938bc094726a4826479ddbee941" }, { "type": "EVIDENCE", "url": "https://tuleap.net/plugins/tracker/?aid=15131" } ], "related": [ "GHSA-j2mq-65wv-prmp" ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }