{"containers": {"cna": {"affected": [{"product": "bytebase", "vendor": "bytebase", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0.1.0", "versionType": "custom"}, {"lessThanOrEqual": "1.0.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Mend Vulnerability Research Team (MVR)"}], "datePublic": "2022-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."}], "metrics": [{"other": {"content": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": 3.1}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-28T09:30:23", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"}], "source": {"advisory": "https://www.mend.io/vulnerability-database/", "discovery": "UNKNOWN"}, "title": "bytebase - Improper Authorization", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM", "ID": "CVE-2022-32169", "STATE": "PUBLIC", "TITLE": "bytebase - Improper Authorization"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "bytebase", "version": {"version_data": [{"version_affected": ">=", "version_value": "0.1.0"}, {"version_affected": "<=", "version_value": "1.0.4"}]}}]}, "vendor_name": "bytebase"}]}}, "credit": [{"lang": "eng", "value": "Mend Vulnerability Research Team (MVR)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": 3.1}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.mend.io/vulnerability-database/CVE-2022-32169", "refsource": "MISC", "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"}, {"name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187", "refsource": "MISC", "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"}]}, "source": {"advisory": "https://www.mend.io/vulnerability-database/", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2022-32169", "datePublished": "2022-09-21T00:00:00", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2022-09-28T09:30:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bytebase:bytebase:*:*:*:*:*:*:*:*", "matchCriteriaId": "58D2B448-3301-48A8-8796-C8FDA52268A6", "versionEndIncluding": "1.0.4", "versionStartIncluding": "0.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."}, {"lang": "es", "value": "La aplicaci\u00f3n \"Bytebase\" no restringe a usuarios poco privilegiados el acceso a \"admin issues\" para las que un usuario no autorizado puede ver las incidencias \"OPEN\" y \"CLOSE\" por \"Admin\" y el endpoint afectado es \"/issue\""}], "id": "CVE-2022-32169", "lastModified": "2023-11-07T03:47:44.463", "metrics": {}, "published": "2022-09-28T10:15:09.653", "references": [{"source": "vulnerabilitylab@mend.io", "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"}, {"source": "vulnerabilitylab@mend.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"}], "sourceIdentifier": "vulnerabilitylab@mend.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "vulnerabilitylab@mend.io", "type": "Secondary"}]}

{}