CVE-2022-32170

Published: Sep 28, 2022Modified: May 21, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.

Affected (1)

Products: Bytebase: Bytebase

Bytebase

1 product

Bytebase

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bytebase Bytebase	From 0.1.0 to 1.0.4

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197

Source: vulnerabilitylab@mend.io

https://www.mend.io/vulnerability-database/CVE-2022-32170

Source: vulnerabilitylab@mend.io

ExploitThird Party Advisory

https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mend.io/vulnerability-database/CVE-2022-32170

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.