CVE-2022-31032 MEDIUM

CVE-2022-31032: Resources of private projects can be exposed in Tuleap

Vendor Enalean

Product tuleap

Weakness CWE-200 · Info exposure

Published June 29, 2022

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.

Key dates

02Disclosure timeline

June 29, 2022 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-31032

Related vulnerabilities

CVE-2022-31032: Resources of private projects can be exposed in Tuleap

01Description

02Disclosure timeline

03References

04Related CVE