CVE Vulnerability

CVE-2022-46160

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0910a7b0ce14763e5c388be6ca4bcfd1c675c5d8 Patch Vendor Advisory
https://tuleap.net/plugins/tracker/?aid=29642 Issue Tracking Patch
https://github.com/Enalean/tuleap/security/advisories/GHSA-hjhc-xqjh-9fv3 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*
Information

Published : 2022-12-13 07:15

Updated : 2022-12-15 07:59

NVD link : CVE-2022-46160

Mitre link : CVE-2022-46160

Products Affected
No products.
CWE
CWE-863