{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23473", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.757Z", "datePublished": "2022-12-13T06:46:17.479Z", "dateUpdated": "2025-04-23T16:28:41.005Z"}, "containers": {"cna": {"title": "Tuleap MediaWiki standalone \"readers\" can also edit pages", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"}, {"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9", "tags": ["x_refsource_MISC"], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"}, {"name": "https://tuleap.net/plugins/tracker/?aid=29645", "tags": ["x_refsource_MISC"], "url": "https://tuleap.net/plugins/tracker/?aid=29645"}], "affected": [{"vendor": "Enalean", "product": "tuleap", "versions": [{"version": "< 14.2.99.148", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-13T06:46:17.479Z"}, "descriptions": [{"lang": "en", "value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6."}], "source": {"advisory": "GHSA-c7rr-5vmc-rgcw", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.107Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"}, {"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"}, {"name": "https://tuleap.net/plugins/tracker/?aid=29645", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tuleap.net/plugins/tracker/?aid=29645"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:52:33.907917Z", "id": "CVE-2022-23473", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:28:41.005Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23473", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.757Z", "datePublished": "2022-12-13T06:46:17.479Z", "dateUpdated": "2025-04-23T16:28:41.005Z"}, "containers": {"cna": {"title": "Tuleap MediaWiki standalone \"readers\" can also edit pages", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"}, {"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9", "tags": ["x_refsource_MISC"], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"}, {"name": "https://tuleap.net/plugins/tracker/?aid=29645", "tags": ["x_refsource_MISC"], "url": "https://tuleap.net/plugins/tracker/?aid=29645"}], "affected": [{"vendor": "Enalean", "product": "tuleap", "versions": [{"version": "< 14.2.99.148", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-13T06:46:17.479Z"}, "descriptions": [{"lang": "en", "value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6."}], "source": {"advisory": "GHSA-c7rr-5vmc-rgcw", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.107Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"}, {"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"}, {"name": "https://tuleap.net/plugins/tracker/?aid=29645", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tuleap.net/plugins/tracker/?aid=29645"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23473", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:52:33.907917Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:52:35.822Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B83F73F0-4A3C-4BF8-9856-69804CC7CA97", "versionEndExcluding": "14.1-6", "vulnerable": true}, {"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*", "matchCriteriaId": "1D108E69-8674-468E-97F8-43328D59DB3F", "versionEndExcluding": "14.2.99.148", "vulnerable": true}, {"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "58282A9C-CDE2-4A05-A3CC-81CB363A6C33", "versionEndExcluding": "14.2-5", "versionStartIncluding": "14.2-1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6."}, {"lang": "es", "value": "Tuleap es una suite de c\u00f3digo abierto para mejorar la gesti\u00f3n de los desarrollos de software y la colaboraci\u00f3n. En versiones anteriores a la 14.2.99.148, las autorizaciones no se verifican correctamente al acceder a los recursos independientes de MediaWiki. Los usuarios con permisos de solo lectura para p\u00e1ginas tambi\u00e9n pueden editarlas. Esto s\u00f3lo afecta al complemento independiente de MediaWiki. Este problema se solucion\u00f3 en las versiones Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5 y Tuleap Enterprise Edition 14.1-6."}], "id": "CVE-2022-23473", "lastModified": "2024-11-21T06:48:38.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-13T07:15:09.723", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://tuleap.net/plugins/tracker/?aid=29645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-c7rr-5vmc-rgcw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=97cac78302170a883c1d60c9fa6dfd0d95854cb9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://tuleap.net/plugins/tracker/?aid=29645"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}