Vulnerability Description
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bytebase | Bytebase | >= 0.1.0, <= 1.0.4 |
Related Weaknesses (CWE)
References
- https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue
- https://www.mend.io/vulnerability-database/CVE-2022-32169ExploitThird Party Advisory
- https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue
- https://www.mend.io/vulnerability-database/CVE-2022-32169ExploitThird Party Advisory
FAQ
What is CVE-2022-32169?
CVE-2022-32169 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is ...
How severe is CVE-2022-32169?
CVE-2022-32169 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32169?
Check the references section above for vendor advisories and patch information. Affected products include: Bytebase Bytebase.