First published: Wed Jun 29 2022
Tuleap is a Free & Open Source Suite to improve management of software development and collaboration. In versions prior to 13.9.99.58, authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | <13.9.99.111 | |
Enalean Tuleap | >=13.8.0, <13.8.6 | |
Enalean Tuleap | >=13.9.0, <13.9.3 | |
CVE-2022-31032 is a vulnerability in Tuleap that allows unauthorized access to information in template projects or trackers.
CVE-2022-31032 has a severity rating of 4.3 (medium).
CVE-2022-31032 affects Tuleap versions prior to 13.9.99.58.
To fix CVE-2022-31032, you should upgrade Tuleap to version 13.9.99.58 or higher.
You can find more information about CVE-2022-31032 at the following references: [Reference 1](https://docs.tuleap.org/administration-guide/users-management/security/site-access.html), [Reference 2](https://github.com/Enalean/tuleap/commit/7e221a9d1893c13407b35008762757a76d8e5654), [Reference 3](https://github.com/Enalean/tuleap/commit/cc38bcc59ce0c733ca915d95daec5f3082fb17ca).