Lucene search

K
cvelistMendCVELIST:CVE-2022-32169
HistorySep 21, 2022 - 12:00 a.m.

CVE-2022-32169 bytebase - Improper Authorization

2022-09-2100:00:00
CWE-285
Mend
www.cve.org

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.8%

The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.

CNA Affected

[
  {
    "product": "bytebase",
    "vendor": "bytebase",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0.1.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.0.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.8%

Related for CVELIST:CVE-2022-32169