request #45251 Missing CSRF protection in the management of SVN commit rules and immutable tags

Infos

Artifact ID#45251

Submitted byNicolas Terray (nterray)

Last Modified On2025-11-12 10:12

Submitted on2025-10-29 10:00

Rank46973

Details

Summary *

Missing CSRF protection in the management of SVN commit rules and immutable tags

Original Submission

There is no CSRF protection when managing the SVN commit rules and immutable tags.

Impact

An attacker could use this vulnerability to trick victims into changing the commit rules or immutable tags of a SVN repo.
CVSSv3.1 score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)

References

CWE 352
Cross-Site Request Forgery - OWASP
CVE-2025-64117

CategorySCM/Subversion

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toNicolas Terray (nterray)

StatusClosed

Close date2025-10-30

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #45251

Git commit

tuleap/tuleap/stable

fix: request #45251: Check CSRF in SVN commit rules and immutable tags f49419f63e

Nicolas Terray (nterray) , 2025-10-29 17:51

Merge 'gerrit #36063' into stable/master 516a761b17

Thomas Gerbet (tgerbet) , 2025-10-30 09:40

Show items referenced by request #45251

Referenced by request #45251

Artifact Tracker v5

rel #44428 17.0

Git commit

tuleap/tuleap/stable

fix: request #45251: Check CSRF in SVN commit rules and immutable tags f49419f63e

Nicolas Terray (nterray) , 2025-10-29 17:51

Other

Follow-ups

Thomas Gerbet (tgerbet)

2025-11-12 10:12

Public disclosure.

Manuel Vacelet (vaceletm)

2025-11-07 10:45

Connected artifacts
- Changed type from no type to Fixed in: rel #44428

Thomas Gerbet (tgerbet)

2025-10-30 17:39

CVE-2025-64117 has been assigned to this issue.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Thomas Gerbet (tgerbet)

2025-10-30 09:44

Connected artifacts
- Added: rel #44428

Tracker Workflow Manager (forge__tracker_workflow_manager)

2025-10-30 09:42

request fixed by @nterray with git #tuleap/stable/f49419f63edbbaa31ce8417b737431d944827404.

Status changed from Under implementation to Closed
Close date set to 2025-10-30

Thomas Gerbet (tgerbet)

2025-10-29 15:36

Summary
-~~Check~~ CSRF in SVN commit rules and immutable tags
+Missing CSRF protection in the management of SVN commit rules and immutable tags
Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes
Category set to SCM/Subversion
Status changed from New to Under implementation
Assigned to changed from None to Nicolas Terray (nterray)
Reported in version set to All

Nicolas Terray (nterray)

2025-10-29 13:15

Summary
-Check CSRF in SVN commit rules
+Check CSRF in SVN commit rules and immutable tags

Nicolas Terray (nterray)

2025-10-29 10:13

See gerrit #36063

Nicolas Terray (nterray)

2025-10-29 10:10

Summary
-Check CSRF in SVN
+Check CSRF in SVN commit rules