GSA_kwCzR0hTQS01cmM0LXY1bWotZzhjNM4AAvHH

Moderate EPSS: 0.00172% (0.38937 Percentile) EPSS:

Permalink JSON

Bytebase does not restrict low privilege user to access admin issues

Affected Packages	Affected Versions	Fixed Versions
go:github.com/bytebase/bytebase PURL: `pkg:go/github.com%2Fbytebase%2Fbytebase`	>= 0.1.0, <= 1.0.4	No known fixed version
2 Dependent packages 1 Dependent repositories Affected Version Ranges All affected versions v1.0.0, v1.0.1, v1.0.2

The Bytebase application does not restrict low privilege user to access admin issues for which an unauthorized user can view the OPEN and CLOSED issues by Admin and the affected endpoint is /issue.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-32169
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-#L187
https://www.mend.io/vulnerability-database/CVE-2022-32169
https://github.com/advisories/GHSA-5rc4-v5mj-g8c4

Identifiers

GHSA-5rc4-v5mj-g8c4

CVE-2022-32169

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00172

EPSS Percentile: 0.38937

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/bytebase/bytebase

Date and time

Published

about 3 years ago

Updated

16 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories