Vulnerability Details CVE-2022-32169
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.5%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187
- https://www.mend.io/vulnerability-database/CVE-2022-32169
- https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187
- https://www.mend.io/vulnerability-database/CVE-2022-32169
Products affected by CVE-2022-32169
-
cpe:2.3:a:bytebase:bytebase:0.1.0
-
cpe:2.3:a:bytebase:bytebase:0.10.0
-
cpe:2.3:a:bytebase:bytebase:0.11.0
-
cpe:2.3:a:bytebase:bytebase:0.12.0
-
cpe:2.3:a:bytebase:bytebase:0.13.0
-
cpe:2.3:a:bytebase:bytebase:0.2.0
-
cpe:2.3:a:bytebase:bytebase:0.2.1
-
cpe:2.3:a:bytebase:bytebase:0.2.2
-
cpe:2.3:a:bytebase:bytebase:0.3.0
-
cpe:2.3:a:bytebase:bytebase:0.4.0
-
cpe:2.3:a:bytebase:bytebase:0.4.1
-
cpe:2.3:a:bytebase:bytebase:0.5.0
-
cpe:2.3:a:bytebase:bytebase:0.6.0
-
cpe:2.3:a:bytebase:bytebase:0.7.0
-
cpe:2.3:a:bytebase:bytebase:0.7.1
-
cpe:2.3:a:bytebase:bytebase:0.7.2
-
cpe:2.3:a:bytebase:bytebase:0.8.0
-
cpe:2.3:a:bytebase:bytebase:0.8.1
-
cpe:2.3:a:bytebase:bytebase:0.9.0
-
cpe:2.3:a:bytebase:bytebase:1.0.0
-
cpe:2.3:a:bytebase:bytebase:1.0.1
-
cpe:2.3:a:bytebase:bytebase:1.0.2
-
cpe:2.3:a:bytebase:bytebase:1.0.3
-
cpe:2.3:a:bytebase:bytebase:1.0.4