XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
https://www.tuleap.org/recent-vulnerabilities
https://tuleap.net/plugins/tracker/?aid=7458
https://exchange.xforce.ibmcloud.com/vulnerabilities/98308