PT-2022-20475 · Tuleap · Tuleap
Tgerbet +1 · Published 2022-06-29 · Updated 2023-07-21
CVE-2022-31032
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Tuleap versions prior to 13.9.99.58
Description
Tuleap does not properly verify authorizations when projects or trackers are created from projects marked as templates. Because the permissions model is not properly enforced in that case, users can access information in those template projects.
Recommendations
For versions prior to 13.9.99.58, upgrade to a version that includes the necessary security fixes to properly enforce the permissions model and verify authorizations.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Tuleap