Vulnerabilities > CVE-2022-24896 - Missing Authorization vulnerability in Enalean Tuleap

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

enalean

CWE-862

NVD

Published: 2022-06-09

Updated: 2022-06-15

Summary

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.

Vulnerable Configurations

Part	Description	Count
Application	Enalean Enalean Tuleap 11.16.99.173 Enalean Tuleap 11.17.99.144 Enalean Tuleap 11.17.99.146 Enalean Tuleap 12.9.99.228 Enalean Tuleap 13.7-1 Enalean Tuleap 11.15-1 Enalean Tuleap 11.15-8 Enalean Tuleap 11.16-1 Enalean Tuleap 11.16-6 Enalean Tuleap 11.16-7 Enalean Tuleap 11.17-1 Enalean Tuleap 11.17-5 Enalean Tuleap 12.10 Enalean Tuleap 12.11-2	14

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References