Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #29642 Project "homepage" does not correctly verify permissions
    Actions
    Infos
    #29642
    Thomas Gerbet (tgerbet)
    2022-12-12 09:56
    2022-11-30 10:07
    31240
    Details
    Project "homepage" does not correctly verify permissions

    Project level authorizations are not properly verified when accessing the project "homepage"/dashboards.

    Impact

    Users not able to access a project might still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...).

    CVSSv3.1 score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

    References

    CWE 285
    CVE-2022-46160

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2022-11-30
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #29213 Tuleap Releases 14.3 Delivered 2022-12-08 10:41 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #29642

    Git commit

    tuleap/tuleap/stable

    Fixes request #29642: Project "homepage" does not correctly verify permissions 0910a7b0ce
    User avatar Thomas Gerbet (tgerbet) , 2022-11-30 10:10
    Merge commit 'refs/changes/37/27337/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD e701cd5392
    User avatar Yannis ROSSETTO (rossettoy) , 2022-11-30 17:08
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2022-11-30 17:25

    CVE-2022-46160 has been assigned to this vulnerability.

    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes