medium
4.3
CWE
863
Advisory Published
Updated

CVE-2022-23473: Tuleap MediaWiki standalone "readers" can also edit pages

First published: Tue Dec 13 2022(Updated: )

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6.

Credit: security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
Enalean Tuleap<14.1-6
Enalean Tuleap<14.2.99.148
Enalean Tuleap>=14.2-1<14.2-5

Remedy

https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw

Remedy

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9

Remedy

https://tuleap.net/plugins/tracker/?aid=29645

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-23473?

    CVE-2022-23473 is a vulnerability in Tuleap versions prior to 14.2.99.148 that allows users with read-only permissions to edit pages.

  • What is the severity of CVE-2022-23473?

    CVE-2022-23473 has a severity level of 4.3 (Medium).

  • How does CVE-2022-23473 affect Tuleap?

    CVE-2022-23473 affects Tuleap versions prior to 14.2.99.148 by allowing users with read-only permissions to edit pages.

  • How can I fix CVE-2022-23473?

    To fix CVE-2022-23473, update your Tuleap installation to version 14.2.99.148 or later.

  • Where can I find more information about CVE-2022-23473?

    You can find more information about CVE-2022-23473 at the following references: [GitHub Advisory](https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw) [Commit Details](https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9) [Issue Tracker](https://tuleap.net/plugins/tracker/?aid=29645)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203