Lucene search

[email protected]NVD:CVE-2022-31128

HistoryAug 01, 2022 - 5:15 p.m.

CVE-2022-31128

2022-08-0117:15:08

CWE-862

[email protected]

web.nvd.nist.gov

tuleap

rest api

git

branches

vulnerability

permissions

upgrade

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.0%

JSON

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint POST git/:id/branches regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.

Affected configurations

NVD

Node

enaleantuleapRange13.9.9.110–13.10.99.82community

enaleantuleapRange13.10–13.10-3enterprise

References

github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33

github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79

tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=58ecb1dee1c46075d3e089980301ebfbe0bafd33

tuleap.net/plugins/tracker/?aid=27538

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for NVD:CVE-2022-31128

cve1 osv1 prion1 cvelist1