Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by bytebase
CVE-2022-32169 (GCVE-0-2022-32169)
Vulnerability from cvelistv5 – Published: 2022-09-28 09:30 – Updated: 2025-05-21 13:57
VLAI?
Title
bytebase - Improper Authorization
Summary
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
Severity ?
No CVSS data available.
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2022-09-21 00:00
Credits
Mend Vulnerability Research Team (MVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:55.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32169",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:56:20.037399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:57:27.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bytebase",
"vendor": "bytebase",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"datePublic": "2022-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": 3.1
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T09:30:23.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "bytebase - Improper Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
"ID": "CVE-2022-32169",
"STATE": "PUBLIC",
"TITLE": "bytebase - Improper Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bytebase",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.1.0"
},
{
"version_affected": "\u003c=",
"version_value": "1.0.4"
}
]
}
}
]
},
"vendor_name": "bytebase"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cBytebase\u201d application does not restrict low privilege user to access \u201cadmin issues\u201c for which an unauthorized user can view the \u201cOPEN\u201d and \u201cCLOSED\u201d issues by \u201cAdmin\u201d and the affected endpoint is \u201c/issue\u201d."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": 3.1
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32169",
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32169"
},
{
"name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187",
"refsource": "MISC",
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"
}
]
},
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-32169",
"datePublished": "2022-09-28T09:30:23.675Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2025-05-21T13:57:27.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32170 (GCVE-0-2022-32170)
Vulnerability from cvelistv5 – Published: 2022-09-28 09:30 – Updated: 2025-05-21 14:05
VLAI?
Title
bytebase - Improper Authorization
Summary
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
Severity ?
No CVSS data available.
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Date Public ?
2022-09-21 00:00
Credits
Mend Vulnerability Research Team (MVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32170",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T14:05:20.757119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:05:26.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bytebase",
"vendor": "bytebase",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"datePublic": "2022-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": 3.1
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T09:30:17.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "bytebase - Improper Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "Sep 21, 2022, 12:00:00 AM",
"ID": "CVE-2022-32170",
"STATE": "PUBLIC",
"TITLE": "bytebase - Improper Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bytebase",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.1.0"
},
{
"version_affected": "\u003c=",
"version_value": "1.0.4"
}
]
}
}
]
},
"vendor_name": "bytebase"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": 3.1
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32170",
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32170"
},
{
"name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197",
"refsource": "MISC",
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197"
}
]
},
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-32170",
"datePublished": "2022-09-28T09:30:18.081Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2025-05-21T14:05:26.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}