3 matches found
CVE-2022-32170 bytebase - Improper Authorization
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...
CVE-2022-32170 bytebase - Improper Authorization
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...
CVE-2022-32170
The CVE-2022-32170 entry concerns Bytebase. A low-privilege user can access admin-level projects via the endpoint /api/project?user=${userId} due to improper authorization. The description and connected sources confirm the affected software (Bytebase) and the vulnerability type (restricting acces...