← voltar
CVE-2022-32170

bytebase - Improper Authorization

CVSS 4.3 MEDIUMEPSS 0.5%CWE-285
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
bytebase · bytebase

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197https://www.mend.io/vulnerability-database/CVE-2022-32170