If you have updated to Tuleap version 13.10.99.82 or higher and cannot access the REST API please upgrade to version 13.10-3.
Access to the REST API is currently unavailable
The REST API is currently unavailable in Tuleap version 13.10-3.
Please upgrade to Tuleap version 13.10.99.82 or higher to access the REST API
How to update from 13.10-2 to 13.10.99.82
If you have updated to Tuleap version 13.10.99.82 or higher, please follow the instructions below to update from version 13.10-2 to 13.10.99.82:
1) Login at https://tuleap.com/account/
2) Go to Tools > Updates and follow the instructions there
3) Update your database
4) Log in at https://tuleap-ui-console-prod.mybluemix.net and follow the installation steps
What is the Tuleap REST API?
The REST API is a set of interfaces that you can use to integrate Tuleap with your external system. The REST API allows you to create, read, update and delete data in Tuleap.
How to detect if you are affected?
If you are wondering if your Tuleap server is affected, please check the following table:
The next version of Tuleap will be 13.10-3 which will fix the issue. You can upgrade to this latest version from Tuleap console or your preferred way.
Timeline
Published on: 08/01/2022 17:15:00 UTC
Last modified on: 08/06/2022 02:42:00 UTC
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-2p49-vgcx-5w79
- https://github.com/Enalean/tuleap/commit/58ecb1dee1c46075d3e089980301ebfbe0bafd33
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=58ecb1dee1c46075d3e089980301ebfbe0bafd33
- https://tuleap.net/plugins/tracker/?aid=27538
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31128