CWE-863

CVE-2022-46160: Tuleap dashboards vulnerable to Incorrect Authorization

First published: Tue Dec 13 2022

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5.

Credit: security-advisories@github.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Enalean Tuleap | <14.1-5 | |
| Enalean Tuleap | <14.2.99.104 | |
| Enalean Tuleap | >=14.2-1, <14.2-4 | |


Frequently Asked Questions

  • What is CVE-2022-46160?

    CVE-2022-46160 is a vulnerability in Tuleap, an open-source suite for software development and collaboration.

  • What is the severity of CVE-2022-46160?

    The severity of CVE-2022-46160 is medium with a CVSS score of 4.3.

  • How does CVE-2022-46160 affect Tuleap?

    CVE-2022-46160 affects versions prior to 14.2.99.104 of Tuleap by allowing unauthorized access to project dashboards.

  • How can I fix CVE-2022-46160?

    To fix CVE-2022-46160, upgrade to Tuleap Community Edition 14.2.99.104 or later, or to Tuleap Enterprise Edition 14.2-4 or 14.1-5.

  • Where can I find more information about CVE-2022-46160?

    You can find more information about CVE-2022-46160 on the Tuleap GitHub page and the Tuleap tracker.
