Description
Tuleap is a free and open source suite to improve management of software development and collaboration. In versions prior to 13.9.99.58, authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.
References (6)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Enalean/tuleap/security/advisories/GHSA-hvx6-4228-whj3
Patch, Third Party Advisory x_refsource_misc
https://github.com/Enalean/tuleap/commit/7e221a9d1893c13407b35008762757a76d8e5654
Patch, Third Party Advisory x_refsource_misc
https://github.com/Enalean/tuleap/commit/cc38bcc59ce0c733ca915d95daec5f3082fb17ca
Product x_refsource_misc
https://docs.tuleap.org/administration-guide/users-management/security/site-access.html
Patch, Vendor Advisory x_refsource_misc
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=7e221a9d1893c13407b35008762757a76d8e5654
Issue Tracking, Vendor Advisory x_refsource_misc
https://tuleap.net/plugins/tracker/?aid=26816
Scores
CVSS v3: 4.3
EPSS: 0.0074
EPSS Percentile: 49.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-200
Status: published
Products (2)
enalean/tuleap: < 13.9.99.111
enalean/tuleap: 13.8.0 - 13.8.6
Published: Jun 29, 2022
Tracked Since: Feb 18, 2026