Tuleap does not properly sanitize user inputs when constructing the SQL query used to edit an agile dashboard planning.
An attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries.
CVSSv3.1 score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
The issue can be demonstrated by modifying the column ID in the mapping_field form parameter. For example, to trigger an SQL error, something like mapping_field[values] becomes mapping_field[values][45)].
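The pattern behind this advisory, as an added example that is not Tuleap's own code: a column ID taken from the nested mapping_field form parameter is concatenated into a SQL statement, next to a hardened version that validates the ID as a canonical integer and binds it as a parameter. The table and column names, the DELETE statement shape, and the in-memory SQLite database are assumptions made for illustration; they are not Tuleap's schema or queries.

```php
<?php
// Added example, not Tuleap's code. Table/column names and the query are assumed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE planning_field_mapping (planning_id INTEGER, field_id INTEGER)');
$pdo->exec('INSERT INTO planning_field_mapping VALUES (1, 45), (1, 46)');

// Vulnerable shape: the key of mapping_field[values][...] is interpolated unchecked,
// so a malformed key reaches the database as part of the statement text.
function deleteMappingUnsafe(PDO $pdo, int $planningId, string $fieldId): int
{
    $sql = "DELETE FROM planning_field_mapping WHERE planning_id = $planningId AND field_id = $fieldId";
    return $pdo->exec($sql);
}

// Hardened shape: accept only a canonical non-negative integer, then bind it.
// Note that (int) '45)' would silently yield 45 in PHP, so the cast alone is not
// a validation step; the regex rejects the malformed value before any query runs.
function deleteMappingSafe(PDO $pdo, int $planningId, string $fieldId): int
{
    if (!preg_match('/^(0|[1-9][0-9]*)$/', $fieldId)) {
        throw new InvalidArgumentException("mapping_field value must be a numeric field id, got: $fieldId");
    }
    $stmt = $pdo->prepare(
        'DELETE FROM planning_field_mapping WHERE planning_id = :planning_id AND field_id = :field_id'
    );
    $stmt->bindValue(':planning_id', $planningId, PDO::PARAM_INT);
    $stmt->bindValue(':field_id', (int) $fieldId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed form submission carrying the malformed key from the advisory.
// parse_str() builds the same nested array PHP would place in $_POST.
parse_str('mapping_field[values][45)]=on', $form);
$submittedIds = array_keys($form['mapping_field']['values']); // ['45)']

foreach ($submittedIds as $id) {
    $id = (string) $id;
    try {
        deleteMappingUnsafe($pdo, 1, $id);
    } catch (PDOException $e) {
        echo 'unsafe version: SQL error reached the database: ' . $e->getMessage() . PHP_EOL;
    }
    try {
        deleteMappingSafe($pdo, 1, $id);
    } catch (InvalidArgumentException $e) {
        echo 'safe version: rejected before any query ran: ' . $e->getMessage() . PHP_EOL;
    }
}

// A well-formed ID still works through the hardened path.
echo 'rows deleted for field 45: ' . deleteMappingSafe($pdo, 1, '45') . PHP_EOL;
```

Run it with the PHP CLI (`php example.php`); it needs the pdo_sqlite extension. The unsafe function surfaces the malformed key as a database syntax error, which is the symptom the advisory describes, while the hardened function fails closed on input validation and never builds a statement from the raw value.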
OWASP SQL Injection