GHSA-5rc4-v5mj-g8c4

Source

https://github.com/advisories/GHSA-5rc4-v5mj-g8c4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-5rc4-v5mj-g8c4/GHSA-5rc4-v5mj-g8c4.json

Aliases

• CVE-2022-32169

Published

2022-09-29T00:00:27Z

Modified

2023-11-08T04:09:34.717933Z

Details

The Bytebase application does not restrict low privilege user to access admin issues for which an unauthorized user can view the OPEN and CLOSED issues by Admin and the affected endpoint is /issue.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-32169
• https://github.com/bytebase/bytebase
• https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-#L187
• https://www.mend.io/vulnerability-database/CVE-2022-32169