CVE-2022-32170

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-32170

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32170.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-32170

Aliases

GHSA-9mmc-27gw-w6mq

Published

2022-09-28T10:15:09Z

Modified

2025-05-21T14:15:24Z

Summary

[none]

Details

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.

References

https://www.mend.io/vulnerability-database/CVE-2022-32170
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197

Affected packages

Git / github.com/bytebase/bytebase

Affected ranges

Type: GIT
Repo: https://github.com/bytebase/bytebase
Events: Introduced

a95560a0eeedfc8b9b0f3178911f33c024aef67e

Last affected

2ae1542ba1f4950654fdb8c5c96b2a79de370e60