← back
CVE-2022-32169

bytebase - Improper Authorization

CVSS 4.3 MEDIUMEPSS 0.5%CWE-285
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
bytebase · bytebase

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187https://www.mend.io/vulnerability-database/CVE-2022-32169