1. Home
  2. CVE Database
  3. CVE-2022-31128
MEDIUM · 5.4

CVE-2022-31128

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the ...

Vulnerability Description

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
EnaleanTuleap>= 13.9.9.110, < 13.10.99.82

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2022-31128?

CVE-2022-31128 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the ...

How severe is CVE-2022-31128?

CVE-2022-31128 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-31128?

Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.