Vulnerability Description
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 13.9.99.111 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/commit/b91bcd57c8344ec2a4c1833629e400cef4dd901PatchThird Party Advisory
- https://github.com/Enalean/tuleap/security/advisories/GHSA-4v2p-rwq9-3vjfThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b91bcd57c8344ec2aPatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=27172Issue TrackingVendor Advisory
- https://github.com/Enalean/tuleap/commit/b91bcd57c8344ec2a4c1833629e400cef4dd901PatchThird Party Advisory
- https://github.com/Enalean/tuleap/security/advisories/GHSA-4v2p-rwq9-3vjfThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b91bcd57c8344ec2aPatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=27172Issue TrackingVendor Advisory
FAQ
What is CVE-2022-31058?
CVE-2022-31058 is a vulnerability with a CVSS score of 7.2 (HIGH). Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing t...
How severe is CVE-2022-31058?
CVE-2022-31058 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31058?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.