Home > Vulnerability Database > CVE-2022-39233

Mend.io Vulnerability Database

CVE-2022-39233

Good to know:

Date: October 19, 2022

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integration they can see vie the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition 14.0.99.24 and Tuleap Enterprise Edition 14.0-3. There are no known workarounds.

Language: PHP

Severity Score

5.4

Related Resources (6)

Url: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a06cb42d55c840d61a484472ed6b169ab23853ac

Url: https://github.com/Enalean/tuleap/security/advisories/GHSA-3884-972x-3ccq

Url: https://tuleap.net/plugins/tracker/?aid=28848

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39233

Url: https://github.com/Enalean/tuleap/commit/a06cb42d55c840d61a484472ed6b169ab23853ac

Url: https://www.mend.io/vulnerability-database/CVE-2022-39233

Severity Score

5.4

Weakness Type (CWE)

Missing Authorization

CWE-862

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 14.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39233

Good to know:

Date: October 19, 2022

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?