exploitDog

CVE-2022-32170

Опубликовано: 28 сент. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.

Ссылки

https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197
https://www.mend.io/vulnerability-database/CVE-2022-32170
Exploit
Third Party Advisory
https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197
https://www.mend.io/vulnerability-database/CVE-2022-32170
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bytebase:bytebase:*:*:*:*:*:*:*:*

Версия от 0.1.0 (включая) до 1.0.4 (включая)

EPSS

Процентиль: 39%

0.00172

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-285

Связанные уязвимости

GHSA-9mmc-27gw-w6mq

CVSS3: 4.3

github

больше 3 лет назад

Bytebase allows low-privilege users to view admin projects

EPSS

Процентиль: 39%

0.00172

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-285