What is CVE-2022-31058?

CVE-2022-31058 is a high-severity vulnerability in Enalean Tuleap, classified under SQL Injection. CVSS score: 7.2/10. Published 2022-06-29.

How severe is CVE-2022-31058?

High severity. CVSS v3 base score is 7.2 out of 10.

Is CVE-2022-31058 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Enalean Tuleap

CVE-2022-31058

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the t…

Vulnerability class: SQL Injection

EPSS: 0.013 (80.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Enalean Tuleap — versions < 13.9.99.95

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

github.com/Enalean/tuleap/security/advisories/GHSA-4v2p-rwq9-3vjf (x_refsource_CONFIRM)
github.com/Enalean/tuleap/commit/b91bcd57c8344ec2a4c1833629e400cef4dd901a (x_refsource_MISC)
tuleap.net/plugins/git/tuleap/tuleap/stable (x_refsource_MISC)
tuleap.net/plugins/tracker/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31058?: CVE-2022-31058 is a high-severity vulnerability in Enalean Tuleap, classified under SQL Injection. CVSS score: 7.2/10. Published 2022-06-29.
How severe is CVE-2022-31058?: High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2022-31058 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.