CVE-2022-32169

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-32169

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32169.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-32169

Aliases

GHSA-5rc4-v5mj-g8c4

Published

2022-09-28T10:15:09Z

Modified

2024-11-21T07:05:52Z

Summary

[none]

Details

The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.

References

https://www.mend.io/vulnerability-database/CVE-2022-32169
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187

Affected packages

Git / github.com/bytebase/bytebase

Affected ranges

Type: GIT
Repo: https://github.com/bytebase/bytebase
Events: Introduced

a95560a0eeedfc8b9b0f3178911f33c024aef67e

Last affected

2ae1542ba1f4950654fdb8c5c96b2a79de370e60