CVE-2014-7177 – External XML Entity Injection in Enalean Tuleap

Posted by Portcullis Advisories on Oct 28

Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap
CVE: CVE-2014-7177
Vendor: Enalean
Product: Tuleap
Affected version: 7.2 and earlier
Fixed version: 7.4.99.5
Reported by: Jerzy Kramarz

Details:

Multiple XML External Entity Injection vulnerabilities have been found and confirmed within the software as an authenticated user.
A successful attack could allow an authenticated attacker to access local system files. The following…
