CVE-2022-32170 bytebase - Improper Authorization
The “Bytebase” application does not restrict low-privilege users from accessing admin “projects”, so an unauthorized user can view the “projects” created by “Admin”; the affected endpoint is “/api/project?user=$userId”...
CVE-2022-32170
The CVE-2022-32170 entry concerns Bytebase. A low-privilege user can access admin-level projects via the endpoint /api/project?user=${userId} due to improper authorization. The description and connected sources confirm the affected software (Bytebase) and the vulnerability type (restricting acces...
PT-2022-21131 · Bytebase · Bytebase
Name of the Vulnerable Software and Affected Versions: Bytebase affected versions not specified Description: The issue concerns the Bytebase application, where low-privilege users are not restricted from accessing admin issues. This allows unauthorized users to view OPEN and CLOSED issues created...
Bytebase authorization vulnerability
Bytebase is an open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams. projects", which can be exploited by an attacker to view "projects" created by "Admin"...
Bytebase security vulnerability
Bytebase is an open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams. Bytebase versions 0.1.0 through 1.0.4 are vulnerable to an access control error that stems from unrestricted low-privilege user access, which can b...
Cross-site Scripting (XSS) - Stored in bytebase/bytebase
Description: Hello there, there is a stored XSS in the bytebase SQL editor. Proof of Concept: 1. Install bytebase on your system. 2. Go to /sql-editor and create a new query with name 3. Go back to the /sql-editor and go to the Queries tab and see that a pop-up appears, indicating the XSS payload is...
Improper Authorization in bytebase/bytebase
Description: Hello bytebase team, there is improper privilege management in the bytebase source code. This allows a user to view another user's inbox. Proof of Concept: 1. Install bytebase, create new users user1 and user2. 2. Login as user1, go to this link /api/inbox?user=user-id and change user-id to ...
Cross-Site Request Forgery (CSRF) in bytebase/bytebase
Description: All parts of the application that use the POST HTTP method to change or create data are vulnerable to CSRF attacks. For example, the PATCH methods are not vulnerable. I will show just the create-a-member PoC for you, and if you want to see other PoCs for other endpoints, just tell me to provide them too ...