28 matches found
Use of Client-Side Authentication
Overview Affected versions of this package are vulnerable to Use of Client-Side Authentication in the VCS oauth. An attacker can gain unauthorized access by exploiting weaknesses in the GitLab login mechanism or by deriving a JWT authentication token without requiring a server reboot. Remediation...
EUVD-2022-6712
Malicious code in bioql PyPI...
EUVD-2022-6762
Malicious code in bioql PyPI...
Privilege Escalation
github.com/bytebase/bytebase is vulnerable to privilege escalation. The vulnerability exists due to a lack of verification and validation of users allowing an attacker to access admin 'projects' at endpoint “/api/project?user=$userId”...
Bytebase Access Control Error Vulnerability
Bytebase is an open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams.Bytebase versions 0.1.0 through 1.0.4 are vulnerable to an access control error that stems from unrestricted low privilege user access, which can b...
Bytebase licensing issue vulnerability
Bytebase is Bytebase's open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams. projects", which can be exploited by an attacker to view "projects" created by "Admin"...
Authorization Bypass
github.com/bytebase/bytebase is vulnerable to authorization bypass. The vulnerability exists in issue.ts because the access to admin issues is not properly restricted for low privilege users which allows an attacker to view open and closed issues by admin...
GHSA-9MMC-27GW-W6MQ Bytebase allows low-privilege users to view admin projects
Overview The "Bytebase" application does not restrict low privilege user from accessing admin projects Details The "Bytebase" application does not restrict low privilege user from accessing admin projects for which an unauthorized user can view the "projects" created by "Admin". The affected...
GHSA-5RC4-V5MJ-G8C4 Bytebase does not restrict low privilege user to access admin issues
The Bytebase application does not restrict low privilege user to access admin issues for which an unauthorized user can view the OPEN and CLOSED issues by Admin and the affected endpoint is /issue...
Bytebase allows low-privilege users to view admin projects
Overview The "Bytebase" application does not restrict low privilege user from accessing admin projects Details The "Bytebase" application does not restrict low privilege user from accessing admin projects for which an unauthorized user can view the "projects" created by "Admin". The affected...
Bytebase does not restrict low privilege user to access admin issues
The Bytebase application does not restrict low privilege user to access admin issues for which an unauthorized user can view the OPEN and CLOSED issues by Admin and the affected endpoint is /issue...
CVE-2022-32170
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...
CVE-2022-32169
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”...
CVE-2022-32169
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”...
CVE-2022-32170
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...
Code injection
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...
CVE-2022-32169
The CVE-2022-32169 entry describes an access control error in Bytebase where low-privilege users can access admin issues through the /issue endpoint and view OPEN/CLOSED issues. The root cause is inadequate restriction of privileges for low-privilege users in the issue handling path (notably the ...
CVE-2022-32169 bytebase - Improper Authorization
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”...
CVE-2022-32169 bytebase - Improper Authorization
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”...
CVE-2022-32170 bytebase - Improper Authorization
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...