CVE Vulnerability

CVE-2022-31032

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://docs.tuleap.org/administration-guide/users-management/security/site-access.html Product
https://github.com/Enalean/tuleap/security/advisories/GHSA-hvx6-4228-whj3 Third Party Advisory
https://github.com/Enalean/tuleap/commit/7e221a9d1893c13407b35008762757a76d8e5654 Patch Third Party Advisory
https://tuleap.net/plugins/tracker/?aid=26816 Issue Tracking Vendor Advisory
https://github.com/Enalean/tuleap/commit/cc38bcc59ce0c733ca915d95daec5f3082fb17ca Patch Third Party Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=7e221a9d1893c13407b35008762757a76d8e5654 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
Information

Published : 2022-06-29 06:15

Updated : 2022-07-15 10:17

NVD link : CVE-2022-31032

Mitre link : CVE-2022-31032

Products Affected
No products.
CWE
CWE-863