Vulnerability Description
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 14.1-6 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcwPatchThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883PatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=29645Issue TrackingPatchVendor Advisory
- https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcwPatchThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883PatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=29645Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2022-23473?
CVE-2022-23473 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki sta...
How severe is CVE-2022-23473?
CVE-2022-23473 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23473?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.