Vulnerability Description
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 14.1-5 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-hjhc-xqjh-9fv3PatchThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0910a7b0ce14763e5PatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=29642Issue TrackingPatchVendor Advisory
- https://github.com/Enalean/tuleap/security/advisories/GHSA-hjhc-xqjh-9fv3PatchThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0910a7b0ce14763e5PatchVendor Advisory
- https://tuleap.net/plugins/tracker/?aid=29642Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2022-46160?
CVE-2022-46160 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing...
How severe is CVE-2022-46160?
CVE-2022-46160 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46160?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.