CVE-2022-31128
published 2022-08-01

Priority: P429
Severity: medium, 5.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.50% (38.8th percentile)

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enalean | tuleap | | |
| enalean | tuleap | >= 13.10 < 13.10-3 | 13.10-3 |
| enalean | tuleap | >= 13.9.9.110 < 13.10.99.82 | 13.10.99.82 |