2 matches found
CVE-2022-32169 bytebase - Improper Authorization
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”...
CVE-2022-32169
The CVE-2022-32169 entry describes an access control error in Bytebase where low-privilege users can access admin issues through the /issue endpoint and view OPEN/CLOSED issues. The root cause is inadequate restriction of privileges for low-privilege users in the issue handling path (notably the ...