First published: Tue Dec 13 2022
Tuleap is an open source suite to improve management of software development and collaboration. In versions prior to 14.2.99.104, project-level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. the number of members or the content of the Notes widget). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Enalean Tuleap | <14.1-5 | |
Enalean Tuleap | <14.2.99.104 | |
Enalean Tuleap | >=14.2-1 <14.2-4 | |
CVE-2022-46160 is a vulnerability in Tuleap, an open-source suite for software development and collaboration.
The severity of CVE-2022-46160 is medium with a CVSS score of 4.3.
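CVE-2022-46160 affects versions of Tuleap prior to 14.2.99.104: project-level authorizations are not properly verified on the project homepage and dashboards, so users not authorized to access a project may still get some information provided by the widgets.
To fix CVE-2022-46160, upgrade to Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, or Tuleap Enterprise Edition 14.1-5, or a later release.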
You can find more information about CVE-2022-46160 on the Tuleap GitHub page and the Tuleap tracker.