First published: Wed Jun 29 2022
Tuleap is a free and open source suite for managing software development and collaboration. In versions prior to 13.9.99.95, Tuleap does not properly sanitize user input when constructing the SQL query that retrieves data for tracker reports. An attacker with permission to create a new tracker can therefore execute arbitrary SQL queries against the Tuleap database. Users are advised to upgrade; there is no known workaround for this issue.
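The following Python/sqlite3 snippet is an added illustration of the bug class described above; it is not Tuleap's code, and the `artifact`/`user` schema, column names, sample rows and payloads are constructed for this page. It contrasts a report query builder that splices a tracker-creator-controlled field name and a search value straight into the SQL text with a version that allow-lists identifiers and binds values as parameters:

```python
import sqlite3

# Constructed sample schema and data standing in for a tracker database.
# Illustrative only: not Tuleap's schema or code.
SAMPLE_SQL = """
CREATE TABLE artifact (id INTEGER PRIMARY KEY, tracker_id INTEGER,
                       title TEXT, status TEXT);
CREATE TABLE user (id INTEGER PRIMARY KEY, user_name TEXT, password_hash TEXT);
INSERT INTO artifact VALUES (1, 10, 'Login page broken', 'open');
INSERT INTO artifact VALUES (2, 10, 'Add dark mode', 'closed');
INSERT INTO artifact VALUES (3, 20, 'Private roadmap item', 'open');
INSERT INTO user VALUES (1, 'alice', '$2y$10$alicehash');
INSERT INTO user VALUES (2, 'bob', '$2y$10$bobhash');
"""

# Columns a report may filter on: an allow-list of known identifiers.
REPORT_COLUMNS = frozenset({"title", "status"})

# Hypothetical payload a malicious tracker creator could store as a field
# name: closes the intended comparison, UNIONs another table, comments out
# whatever the query builder appends afterwards.
INJECTED_FIELD = "status = '' UNION SELECT id, password_hash FROM user --"


def open_sample_db():
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn


def report_query_unsafe(conn, tracker_id, field, value):
    """Vulnerable pattern: the field name chosen by whoever configured the
    tracker, and the search value, are concatenated into the SQL string.
    Either one can break out of the intended WHERE clause."""
    sql = (f"SELECT id, title FROM artifact WHERE tracker_id = {int(tracker_id)} "
           f"AND {field} = '{value}'")
    return conn.execute(sql).fetchall()


def report_query_safe(conn, tracker_id, field, value):
    """Hardened pattern: identifiers must come from a fixed allow-list and are
    quoted; values are passed as bound parameters and never reach the SQL text."""
    if field not in REPORT_COLUMNS:
        raise ValueError(f"unknown report field: {field!r}")
    sql = (f'SELECT id, title FROM artifact WHERE tracker_id = ? '
           f'AND "{field}" = ?')
    return conn.execute(sql, (tracker_id, value)).fetchall()


if __name__ == "__main__":
    db = open_sample_db()
    print("unsafe, honest input :", report_query_unsafe(db, 10, "status", "open"))
    print("unsafe, injected field:", report_query_unsafe(db, 10, INJECTED_FIELD, "x"))
    print("unsafe, injected value:", report_query_unsafe(db, 10, "status", "' OR 1=1 --"))
    print("safe, injected value  :", report_query_safe(db, 10, "status", "' OR 1=1 --"))
    try:
        report_query_safe(db, 10, INJECTED_FIELD, "x")
    except ValueError as exc:
        print("safe, injected field  : rejected,", exc)
```

Two things are worth noting. First, the identifier path is the dangerous one here: a field name cannot be passed as a bound parameter, so the only defence is to map it onto a fixed set of known column names before it is ever placed in the query. Second, the value path shows the cross-tracker exposure: with string splicing, a search value of `' OR 1=1 --` returns artifacts from a tracker the report was never scoped to, whereas the bound-parameter version matches it literally and returns nothing.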
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix
---|---|---
Enalean Tuleap | <13.9.99.111 | Upgrade to 13.9.99.111 or later
Enalean Tuleap | >=13.8.0, <13.8.6 | Upgrade to 13.8.6 or later
Enalean Tuleap | >=13.9.0, <13.9.3 | Upgrade to 13.9.3 or later
CVE-2022-31058 is a SQL injection vulnerability in Tuleap's tracker report query construction that allows an authenticated attacker able to create a tracker to execute arbitrary SQL queries.
CVE-2022-31058 has a CVSS severity rating of 7.2 (high).
Because the injected SQL runs with the application's database privileges, an attacker can read data they are not authorised to see, including data belonging to other trackers and projects.
Yes, a fix is available for CVE-2022-31058. The advisory text gives 13.9.99.95 as the first fixed development version, while the affected-version table above lists the development series as fixed from 13.9.99.111; on the stable branches, the fixed releases are 13.8.6 and 13.9.3. Upgrade to the latest release on your branch.
More information about CVE-2022-31058 is available in the official Tuleap security advisory and the corresponding GitHub commit.