GHSA-5rc4-v5mj-g8c4

Published: Sep 29, 2022
Source: github
Github: Reviewed
CVSS3: 4.3

Description

Bytebase does not restrict low-privilege users from accessing admin issues

The Bytebase application does not restrict low-privilege users from accessing admin issues, so an unauthorized user can view the OPEN and CLOSED issues by Admin. The affected endpoint is /issue.

Packages

Name: github.com/bytebase/bytebase (go)
Affected versions: >= 0.1.0, <= 1.0.4
Fixed version: None

EPSS

Percentile: 39%
0.00172
Low

4.3 Medium

CVSS3

Weaknesses

CWE-732

Related vulnerabilities

CVSS3: 4.3
nvd
more than 3 years ago

The “Bytebase” application does not restrict low privilege user to access “admin issues” for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
