Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions and above, prior to, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integration they can see vie the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition and Tuleap Enterprise Edition 14.0-3. There are no known workarounds.

Source: CVE-2022-39233

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 항목은 *(으)로 표시합니다

Time limit is exhausted. Please reload the CAPTCHA.