request #46389 Missing CSRF protection in the Overview inconsistent items

Infos

Artifact ID#46389

Submitted byJoris MASSON (jmasson)

Last Modified On2026-02-02 16:21

Submitted on2026-01-20 14:30

Rank48111

Details

Summary *

Missing CSRF protection in the Overview inconsistent items

Original Submission

In the Backlog service, when you browse a milestone (for example : Release, Sprint), by default you land on a tab called "Overview" that lists items planned in the milestone. Some items can be in an inconsistent state, and the button to repair those inconsistent items is not protected against CSRFs.

Impact

An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links from the release).
CVSSv3.1 score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)

References

CWE 352
Cross-Site Request Forgery - OWASP
CVE-2026-24007

CategoryAgile Dashboard

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toJoris MASSON (jmasson)

StatusClosed

Close date2026-01-20

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #46389

Git commit

tuleap/tuleap/stable

fix: request #46389 Missing CSRF protection in the Overview inconsistent items 5ec5e81e40

Joris MASSON (jmasson) , 2026-01-20 15:59

Merge commit 'refs/changes/69/36669/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 6ece2ba234

Kevin Traini (ktraini) , 2026-01-20 16:58

Show items referenced by request #46389

Referenced by request #46389

Artifact

rel #46324 17.3

Git commit

tuleap/tuleap/stable

fix: request #46389 Missing CSRF protection in the Overview inconsistent items 5ec5e81e40

Joris MASSON (jmasson) , 2026-01-20 15:59

Other

Follow-ups

Joris MASSON (jmasson)

2026-02-02 16:21

Public disclosure.

Thomas Gerbet (tgerbet)

2026-01-22 09:16

CVE-2026-24007 has been assigned to this issue.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Kevin Traini (ktraini)

2026-01-20 16:59

Connected artifacts
- Added Fixed in: rel #46324

Tracker Workflow Manager (forge__tracker_workflow_manager)

2026-01-20 16:59

request fixed by @jmasson with git #tuleap/stable/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5.

Status changed from Under review to Closed
Close date set to 2026-01-20

Joris MASSON (jmasson)

2026-01-20 16:01

See gerrit #36669. The previous patch has too many changes.

Status changed from Under implementation to Under review

Thomas Gerbet (tgerbet)

2026-01-20 15:30

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Joris MASSON (jmasson)

2026-01-20 15:15

Status changed from New to Under implementation

Kevin Traini (ktraini)

2026-01-20 14:37

See gerrit #36667