CVE-2022-32170

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-32170

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32170.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-32170

Aliases

GHSA-9mmc-27gw-w6mq

Published

2022-09-28T10:15:09.740Z

Modified

2026-04-10T04:58:27.794913Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.

References

Affected packages

Git / github.com/bytebase/bytebase

Affected ranges

Type

GIT

Repo

https://github.com/bytebase/bytebase

Events

Introduced

a95560a0eeedfc8b9b0f3178911f33c024aef67e

Last affected

0bf9494aa0527dee35390994c3c210d9a6c9ff46

Database specific

{
    "versions": [
        {
            "introduced": "0.1.0"
        },
        {
            "last_affected": "1.0.4"
        }
    ]
}

Affected versions

0.*

0.1.0

0.10.0

0.2.0

0.2.1

0.3.0

0.4.0

0.4.1

0.5.0

0.6.0

0.7.0

0.7.2

0.8.0

0.8.1

0.9.0

1.*

1.0.0

1.0.3

1.0.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32170.json"