First published: Wed Jun 29 2022
Tuleap is a Free & Open Source Suite to improve management of software development and collaboration. In versions prior to 13.9.99.111, the title of a document is not properly escaped in the search result of the MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force a victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | <13.9.99.111 | |
Enalean Tuleap | >=13.8.0 <13.8.6 | |
Enalean Tuleap | >=13.9.0 <13.9.3 | |
CVE-2022-31063 is a vulnerability in Tuleap, an open-source suite for software development management and collaboration.
The severity of CVE-2022-31063 is medium, with a CVSS score of 5.4.
CVE-2022-31063 affects Enalean Tuleap versions prior to 13.9.99.111 in the search result of the MyDocmanSearch widget and in the administration page of locked documents.
To fix CVE-2022-31063, users should update their Enalean Tuleap installation to version 13.9.99.111 or newer.
Additional information about CVE-2022-31063 can be found in the references: [GitHub commit](https://github.com/Enalean/tuleap/commit/c947975a4f1ff7bbfd7d5cd24a2e16bf12bd96d4), [GitHub advisory](https://github.com/Enalean/tuleap/security/advisories/GHSA-4fx8-4ff3-96jf), [Tuleap commit](https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=c947975a4f1ff7bbfd7d5cd24a2e16bf12bd96d4).