An attacker could use this vulnerability to trick victims into performing administrative actions, either to gain access to the repository or to cause a denial of service (DoS).
CVSSv3.1 score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
CWE-352 Cross-Site Request Forgery - OWASP
gerrit #23169 integrated into Tuleap 22.214.171.124
gerrit #22984 integrated into Tuleap 126.96.36.199
Patch under review: gerrit #22984.