Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for bytebase by bytebase

    CVE-2022-32170 (GCVE-0-2022-32170)

    Vulnerability from nvd – Published: 2022-09-28 09:30 – Updated: 2025-05-21 14:05
    VLAI
    Title
    bytebase - Improper Authorization
    Summary
    The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    bytebase bytebase Affected: 0.1.0 , < unspecified (custom)
    Affected: unspecified , ≤ 1.0.4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-21 00:00
    Credits
    Mend Vulnerability Research Team (MVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32170",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T14:05:20.757119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T14:05:26.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "bytebase",
              "vendor": "bytebase",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mend Vulnerability Research Team (MVR)"
            }
          ],
          "datePublic": "2022-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": 3.1
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T09:30:17.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
            }
          ],
          "source": {
            "advisory": "https://www.mend.io/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "bytebase - Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
              "ID": "CVE-2022-32170",
              "STATE": "PUBLIC",
              "TITLE": "bytebase - Improper Authorization"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "bytebase",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0.1.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bytebase"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mend Vulnerability Research Team (MVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": 3.1
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mend.io/vulnerability-database/CVE-2022-32170",
                  "refsource": "MISC",
                  "url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
                },
                {
                  "name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197",
                  "refsource": "MISC",
                  "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
                }
              ]
            },
            "source": {
              "advisory": "https://www.mend.io/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-32170",
        "datePublished": "2022-09-28T09:30:18.081Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2025-05-21T14:05:26.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32169 (GCVE-0-2022-32169)

    Vulnerability from nvd – Published: 2022-09-28 09:30 – Updated: 2025-05-21 13:57
    VLAI
    Title
    bytebase - Improper Authorization
    Summary
    The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    bytebase bytebase Affected: 0.1.0 , < unspecified (custom)
    Affected: unspecified , ≤ 1.0.4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-21 00:00
    Credits
    Mend Vulnerability Research Team (MVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:55.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32169",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T13:56:20.037399Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T13:57:27.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "bytebase",
              "vendor": "bytebase",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mend Vulnerability Research Team (MVR)"
            }
          ],
          "datePublic": "2022-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": 3.1
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T09:30:23.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
            }
          ],
          "source": {
            "advisory": "https://www.mend.io/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "bytebase - Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
              "ID": "CVE-2022-32169",
              "STATE": "PUBLIC",
              "TITLE": "bytebase - Improper Authorization"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "bytebase",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0.1.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bytebase"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mend Vulnerability Research Team (MVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": 3.1
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mend.io/vulnerability-database/CVE-2022-32169",
                  "refsource": "MISC",
                  "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
                },
                {
                  "name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187",
                  "refsource": "MISC",
                  "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
                }
              ]
            },
            "source": {
              "advisory": "https://www.mend.io/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-32169",
        "datePublished": "2022-09-28T09:30:23.675Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2025-05-21T13:57:27.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32169 (GCVE-0-2022-32169)

    Vulnerability from cvelistv5 – Published: 2022-09-28 09:30 – Updated: 2025-05-21 13:57
    VLAI
    Title
    bytebase - Improper Authorization
    Summary
    The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    bytebase bytebase Affected: 0.1.0 , < unspecified (custom)
    Affected: unspecified , ≤ 1.0.4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-21 00:00
    Credits
    Mend Vulnerability Research Team (MVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:55.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32169",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T13:56:20.037399Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T13:57:27.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "bytebase",
              "vendor": "bytebase",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mend Vulnerability Research Team (MVR)"
            }
          ],
          "datePublic": "2022-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": 3.1
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T09:30:23.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
            }
          ],
          "source": {
            "advisory": "https://www.mend.io/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "bytebase - Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
              "ID": "CVE-2022-32169",
              "STATE": "PUBLIC",
              "TITLE": "bytebase - Improper Authorization"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "bytebase",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0.1.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bytebase"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mend Vulnerability Research Team (MVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": 3.1
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mend.io/vulnerability-database/CVE-2022-32169",
                  "refsource": "MISC",
                  "url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
                },
                {
                  "name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187",
                  "refsource": "MISC",
                  "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
                }
              ]
            },
            "source": {
              "advisory": "https://www.mend.io/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-32169",
        "datePublished": "2022-09-28T09:30:23.675Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2025-05-21T13:57:27.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32170 (GCVE-0-2022-32170)

    Vulnerability from cvelistv5 – Published: 2022-09-28 09:30 – Updated: 2025-05-21 14:05
    VLAI
    Title
    bytebase - Improper Authorization
    Summary
    The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    bytebase bytebase Affected: 0.1.0 , < unspecified (custom)
    Affected: unspecified , ≤ 1.0.4 (custom)
    Create a notification for this product.
    Date Public
    2022-09-21 00:00
    Credits
    Mend Vulnerability Research Team (MVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32170",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T14:05:20.757119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-21T14:05:26.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "bytebase",
              "vendor": "bytebase",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mend Vulnerability Research Team (MVR)"
            }
          ],
          "datePublic": "2022-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": 3.1
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-28T09:30:17.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
            }
          ],
          "source": {
            "advisory": "https://www.mend.io/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "bytebase - Improper Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
              "ID": "CVE-2022-32170",
              "STATE": "PUBLIC",
              "TITLE": "bytebase - Improper Authorization"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "bytebase",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0.1.0"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "bytebase"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mend Vulnerability Research Team (MVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": 3.1
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mend.io/vulnerability-database/CVE-2022-32170",
                  "refsource": "MISC",
                  "url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
                },
                {
                  "name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197",
                  "refsource": "MISC",
                  "url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
                }
              ]
            },
            "source": {
              "advisory": "https://www.mend.io/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-32170",
        "datePublished": "2022-09-28T09:30:18.081Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2025-05-21T14:05:26.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }