CVE-2022-32169

Published Sep 28, 2022

Last updated a year ago

Overview

Description: The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
Source: vulnerabilitylab@mend.io
NVD status: Modified

Weaknesses

nvd@nist.gov: CWE-732
vulnerabilitylab@mend.io: CWE-285

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bytebase:bytebase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58D2B448-3301-48A8-8796-C8FDA52268A6",
            "versionEndIncluding": "1.0.4",
            "versionStartIncluding": "0.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2022-32169
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187
https://www.mend.io/vulnerability-database/CVE-2022-32169

Overview

Weaknesses

Social media

Configurations

References