CVE-2022-31058
published 2022-06-29CVE-2022-31058: Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize…
PriorityP345high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.37%
68.4th percentile
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enalean | tuleap | < 13.9.99.95 | 13.9.99.95 |
| enalean | tuleap | < 13.9.99.111 | 13.9.99.111 |
| enalean | tuleap | >= 13.8.0 < 13.8.6 | 13.8.6 |
| enalean | tuleap | >= 13.9.0 < 13.9.3 | 13.9.3 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Enalean/tuleap/commit/b91bcd57c8344ec2a4c1833629e400cef4dd901ahttps://github.com/Enalean/tuleap/security/advisories/GHSA-4v2p-rwq9-3vjfhttps://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b91bcd57c8344ec2a4c1833629e400cef4dd901ahttps://tuleap.net/plugins/tracker/?aid=27172https://github.com/Enalean/tuleap/commit/b91bcd57c8344ec2a4c1833629e400cef4dd901ahttps://github.com/Enalean/tuleap/security/advisories/GHSA-4v2p-rwq9-3vjfhttps://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b91bcd57c8344ec2a4c1833629e400cef4dd901ahttps://tuleap.net/plugins/tracker/?aid=27172
2022-06-29
Published