VYPR
Unrated severityNVD Advisory· Published Dec 13, 2022· Updated Apr 23, 2025

Tuleap dashboards vulnerable to Incorrect Authorization

CVE-2022-46160

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Enalean/Tuleapllm-fuzzy2 versions
    <14.2.99.104+ 1 more
    • (no CPE)range: <14.2.99.104
    • (no CPE)range: < 14.2.99.104

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.