Vulnerability Details CVE-2022-32170
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.5%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197
- https://www.mend.io/vulnerability-database/CVE-2022-32170
- https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197
- https://www.mend.io/vulnerability-database/CVE-2022-32170
Products affected by CVE-2022-32170
-
cpe:2.3:a:bytebase:bytebase:0.1.0
-
cpe:2.3:a:bytebase:bytebase:0.10.0
-
cpe:2.3:a:bytebase:bytebase:0.11.0
-
cpe:2.3:a:bytebase:bytebase:0.12.0
-
cpe:2.3:a:bytebase:bytebase:0.13.0
-
cpe:2.3:a:bytebase:bytebase:0.2.0
-
cpe:2.3:a:bytebase:bytebase:0.2.1
-
cpe:2.3:a:bytebase:bytebase:0.2.2
-
cpe:2.3:a:bytebase:bytebase:0.3.0
-
cpe:2.3:a:bytebase:bytebase:0.4.0
-
cpe:2.3:a:bytebase:bytebase:0.4.1
-
cpe:2.3:a:bytebase:bytebase:0.5.0
-
cpe:2.3:a:bytebase:bytebase:0.6.0
-
cpe:2.3:a:bytebase:bytebase:0.7.0
-
cpe:2.3:a:bytebase:bytebase:0.7.1
-
cpe:2.3:a:bytebase:bytebase:0.7.2
-
cpe:2.3:a:bytebase:bytebase:0.8.0
-
cpe:2.3:a:bytebase:bytebase:0.8.1
-
cpe:2.3:a:bytebase:bytebase:0.9.0
-
cpe:2.3:a:bytebase:bytebase:1.0.0
-
cpe:2.3:a:bytebase:bytebase:1.0.1
-
cpe:2.3:a:bytebase:bytebase:1.0.2
-
cpe:2.3:a:bytebase:bytebase:1.0.3
-
cpe:2.3:a:bytebase:bytebase:1.0.4