Lucene search
HistorySep 28, 2022 - 10:15 a.m.
CVE-2022-32170
cve-2022-32170
bytebase
application security
unauthorized access
admin projects
low privilege user
nvd
vulnerability
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
Affected configurations
Node
bytebasebytebaseRange0.1.0–1.0.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| bytebase:bytebase | bytebase | le | 1.0.4 |
CNA Affected
[
{
"product": "bytebase",
"vendor": "bytebase",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2022-32170 bytebase - Improper Authorization
2022-09-21 00:00:00
osv
osv
CVE-2022-32170
2022-09-28 10:15:09
Bytebase allows low-privilege users to view admin projects
2022-09-29 00:00:27
veracode
veracode
Privilege Escalation
2022-09-30 02:57:57
nvd
nvd
CVE-2022-32170
2022-09-28 10:15:09
prion
prion
Code injection
2022-09-28 10:15:00
github
github
Bytebase allows low-privilege users to view admin projects
2022-09-29 00:00:27
cnvd
cnvd
Bytebase licensing issue vulnerability
2022-09-30 00:00:00