How severe is CVE-2022-39233?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-39233?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2022-39233 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integration they can see vie the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition 14.0.99.24 and Tuleap Enterprise Edition 14.0-3. There are no known workarounds.

Related Vulnerabilities

CVE-2019-3886

MEDIUM

CVSS:5.4(Medium)

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing un...

CWE-8622019

CVE-2019-4158

MEDIUM

CVSS:5.4(Medium)

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 1585...

CWE-8622019

CVE-2020-14213

MEDIUM

CVSS:5.4(Medium)

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).

CWE-8622020

CVE-2020-2204

MEDIUM

CVSS:5.4(Medium)

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using at...

CWE-8622020

CVE-2020-6199

MEDIUM

CVSS:5.4(Medium)

The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, ...

CWE-8622020

CVE-2020-6212

MEDIUM

CVSS:5.4(Medium)

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not...

CWE-8622020