Home > Vulnerability Database > CVE-2022-46160

Mend.io Vulnerability Database

CVE-2022-46160

Good to know:

Date: December 13, 2022

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5.

Language: PHP

Severity Score

4.3

Related Resources (5)

Url: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0910a7b0ce14763e5c388be6ca4bcfd1c675c5d8

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46160

Url: https://tuleap.net/plugins/tracker/?aid=29642

Url: https://github.com/Enalean/tuleap/security/advisories/GHSA-hjhc-xqjh-9fv3

Url: https://www.mend.io/vulnerability-database/CVE-2022-46160

Severity Score

4.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 14.3

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46160

Good to know:

Date: December 13, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?