The “Bytebase” application does not restrict low-privilege users from accessing admin “projects”, so an unauthorized user can view the “projects” created by “Admin”. The affected endpoint is “/api/project?user=${userId}”.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197 | |
https://www.mend.io/vulnerability-database/CVE-2022-32170 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mend
Published: 2022-09-21T00:00:00
Updated: 2022-09-28T09:30:17
Reserved: 2022-05-31T00:00:00
Link: CVE-2022-32170
NVD Information
Status: Modified
Published: 2022-09-28T10:15:09.740
Modified: 2023-11-07T03:47:44.620
Link: CVE-2022-32170
Redhat Information
No data.
CWE