CVE-2022-32169

Published: Sep 28, 2022Modified: May 21, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.

Affected (1)

Products: Bytebase: Bytebase

Bytebase

1 product

Bytebase

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bytebase Bytebase	From 0.1.0 to 1.0.4

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187

Source: vulnerabilitylab@mend.io

https://www.mend.io/vulnerability-database/CVE-2022-32169

Source: vulnerabilitylab@mend.io

ExploitThird Party Advisory

https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mend.io/vulnerability-database/CVE-2022-32169

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.