Lucene search
HistorySep 28, 2022 - 10:15 a.m.
CVE-2022-32169
bytebase
cve-2022-32169
unauthorized access
admin privilege
security vulnerability
nvd
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
Affected configurations
Node
bytebasebytebaseRange0.1.0–1.0.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| bytebase:bytebase | bytebase | le | 1.0.4 |
CNA Affected
[
{
"product": "bytebase",
"vendor": "bytebase",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
github
github
Bytebase does not restrict low privilege user to access admin issues
2022-09-29 00:00:27
cnvd
cnvd
Bytebase Access Control Error Vulnerability
2022-09-30 00:00:00
cvelist
cvelist
CVE-2022-32169 bytebase - Improper Authorization
2022-09-21 00:00:00
veracode
veracode
Authorization Bypass
2022-09-29 07:12:42
osv
osv
CVE-2022-32169
2022-09-28 10:15:09
Bytebase does not restrict low privilege user to access admin issues
2022-09-29 00:00:27
nvd
nvd
CVE-2022-32169
2022-09-28 10:15:09
prion
prion
Open redirect
2022-09-28 10:15:00