Unrated severityNVD Advisory· Published Aug 1, 2022· Updated Apr 23, 2025

Fine grained permissions are not checked in Tuleap

CVE-2022-31128

Description

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint POST git/:id/branches regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.

Affected products

Enalean/Tuleapv5
Range: >= >= 13.9.99.110, < 13.10.99.82

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33mitrex_refsource_MISC
github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79mitrex_refsource_CONFIRM
tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
tuleap.net/plugins/tracker/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000