CVE-2022-31032 — MEDIUM (4.3)

Q: How severe is CVE-2022-31032?

CVE-2022-31032 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-31032?

Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.

Vulnerability Description

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Enalean	Tuleap	< 13.9.99.111

Related Weaknesses (CWE)

CWE-200

References

https://docs.tuleap.org/administration-guide/users-management/security/site-acceProduct
https://github.com/Enalean/tuleap/commit/7e221a9d1893c13407b35008762757a76d8e565PatchThird Party Advisory
https://github.com/Enalean/tuleap/commit/cc38bcc59ce0c733ca915d95daec5f3082fb17cPatchThird Party Advisory
https://github.com/Enalean/tuleap/security/advisories/GHSA-hvx6-4228-whj3Third Party Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=7e221a9d1893c1340PatchVendor Advisory
https://tuleap.net/plugins/tracker/?aid=26816Issue TrackingVendor Advisory
https://docs.tuleap.org/administration-guide/users-management/security/site-acceProduct
https://github.com/Enalean/tuleap/commit/7e221a9d1893c13407b35008762757a76d8e565PatchThird Party Advisory
https://github.com/Enalean/tuleap/commit/cc38bcc59ce0c733ca915d95daec5f3082fb17cPatchThird Party Advisory
https://github.com/Enalean/tuleap/security/advisories/GHSA-hvx6-4228-whj3Third Party Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=7e221a9d1893c1340PatchVendor Advisory
https://tuleap.net/plugins/tracker/?aid=26816Issue TrackingVendor Advisory

FAQ

What is CVE-2022-31032?

CVE-2022-31032 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects o...

How severe is CVE-2022-31032?

CVE-2022-31032 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-31032?

Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.