The Bytebase application does not restrict low privilege user to access admin issues for which an unauthorized user can view the OPEN and CLOSED issues by Admin and the affected endpoint is /issue.
Bytebase
admin issues
OPEN
CLOSED
Admin
/issue