Is CVE-2023-48715 actively exploited?

CVE-2023-48715 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-48715?

CVE-2023-48715 has a CVSS score of 5.4 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

How do I patch CVE-2023-48715?

Patch guidance is available from enalean security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-48715.

CVE-2023-48715 - remediation guidance & executive summary

Q: Which products are affected by CVE-2023-48715?

3 products: enalean tuleap, enalean tuleap, enalean tuleap.

Description

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none
Weaknesses: CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: ENALEAN
Published: 12/11/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

enalean : tuleapenalean : tuleapenalean : tuleap

Remediation Guidance

Executive Summary

Cite this page

CVE-2023-48715. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2023-48715

View on NIST NVD

CVE-2023-48715 vulnerability