PT-2022-20496 · Tuleap · Tuleap

Tgerbet (+1) · Published 2022-06-29 · Updated 2022-07-15 · CVE-2022-31058

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 13.9.99.95

Description: The issue concerns improper sanitization of user input when constructing SQL queries for tracker reports. An attacker with the capability to create a new tracker can use this to execute arbitrary SQL queries against the Tuleap database.

Recommendations: For versions prior to 13.9.99.95, upgrade to a version that includes the necessary security fixes to resolve the issue. As a temporary workaround, consider restricting the capability to create new trackers to minimize the risk of exploitation.

Category: SQL injection


Weakness Enumeration

Related Identifiers

CVE-2022-31058
GHSA-4V2P-RWQ9-3VJF

Affected Products

Tuleap