cvelist/2022/32xxx/CVE-2022-32170.json

{
  "CVE_data_meta" : {
    "ASSIGNER" : "vulnerabilitylab@mend.io",
    "ID" : "CVE-2022-32170",
    "STATE" : "PUBLIC",
    "DATE_PUBLIC" : "Sep 21, 2022, 12:00:00 AM",
    "TITLE" : "bytebase - Improper Authorization"
  },
  "affects" : {
    "vendor" : {
      "vendor_data" : [ {
        "vendor_name" : "bytebase",
        "product" : {
          "product_data" : [ {
            "product_name" : "bytebase",
            "version" : {
              "version_data" : [ {
                "version_value" : "0.1.0",
                "version_affected" : ">="
              }, {
                "version_value" : "1.0.4",
                "version_affected" : "<="
              } ]
            }
          } ]
        }
      } ]
    }
  },
  "credit" : [ {
    "lang" : "eng",
    "value" : "Mend Vulnerability Research Team (MVR)"
  } ],
  "data_format" : "MITRE",
  "data_type" : "CVE",
  "data_version" : "4.0",
  "description" : {
    "description_data" : [ {
      "lang" : "eng",
      "value" : "The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”."
    } ]
  },
  "generator" : {
    "engine" : "Vulnogram 0.0.9"
  },
  "impact" : {
    "cvss" : {
      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "attackComplexity" : "LOW",
      "attackVector" : "NETWORK",
      "availabilityImpact" : "NONE",
      "confidentialityImpact" : "LOW",
      "integrityImpact" : "NONE",
      "privilegesRequired" : "LOW",
      "scope" : "UNCHANGED",
      "userInteraction" : "NONE",
      "version" : 3.1,
      "baseScore" : 4.3,
      "baseSeverity" : "MEDIUM"
    }
  },
  "references" : {
    "reference_data" : [ {
      "refsource" : "MISC",
      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32170"
    }, {
      "refsource" : "CONFIRM",
      "url" : "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197"
    } ]
  },
  "problemtype" : {
    "problemtype_data" : [ {
      "description" : [ {
        "lang" : "eng",
        "value" : "CWE-285 Improper Authorization"
      } ]
    } ]
  },
  "source" : {
    "advisory" : "https://www.mend.io/vulnerability-database/",
    "discovery" : "UNKNOWN"
  }
}
"-Synchronized-Data." 2022-06-02 13:46:07 +00:00			`{`
Add CVE-2022-32170 2022-09-28 12:26:25 +03:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "vulnerabilitylab@mend.io",`
			`"ID" : "CVE-2022-32170",`
			`"STATE" : "PUBLIC",`
			`"DATE_PUBLIC" : "Sep 21, 2022, 12:00:00 AM",`
			`"TITLE" : "bytebase - Improper Authorization"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [ {`
			`"vendor_name" : "bytebase",`
			`"product" : {`
			`"product_data" : [ {`
			`"product_name" : "bytebase",`
			`"version" : {`
			`"version_data" : [ {`
			`"version_value" : "0.1.0",`
			`"version_affected" : ">="`
			`}, {`
			`"version_value" : "1.0.4",`
			`"version_affected" : "<="`
			`} ]`
"-Synchronized-Data." 2022-06-02 13:46:07 +00:00			`}`
Add CVE-2022-32170 2022-09-28 12:26:25 +03:00			`} ]`
			`}`
			`} ]`
"-Synchronized-Data." 2022-06-02 13:46:07 +00:00			`}`
Add CVE-2022-32170 2022-09-28 12:26:25 +03:00			`},`
			`"credit" : [ {`
			`"lang" : "eng",`
			`"value" : "Mend Vulnerability Research Team (MVR)"`
			`} ],`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [ {`
			`"lang" : "eng",`
			`"value" : "The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”."`
			`} ]`
			`},`
			`"generator" : {`
			`"engine" : "Vulnogram 0.0.9"`
			`},`
			`"impact" : {`
			`"cvss" : {`
			`"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",`
			`"attackComplexity" : "LOW",`
			`"attackVector" : "NETWORK",`
			`"availabilityImpact" : "NONE",`
			`"confidentialityImpact" : "LOW",`
			`"integrityImpact" : "NONE",`
			`"privilegesRequired" : "LOW",`
			`"scope" : "UNCHANGED",`
			`"userInteraction" : "NONE",`
			`"version" : 3.1,`
			`"baseScore" : 4.3,`
			`"baseSeverity" : "MEDIUM"`
			`}`
			`},`
			`"references" : {`
			`"reference_data" : [ {`
			`"refsource" : "MISC",`
			`"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32170"`
			`}, {`
			`"refsource" : "CONFIRM",`
			`"url" : "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197"`
			`} ]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [ {`
			`"description" : [ {`
			`"lang" : "eng",`
			`"value" : "CWE-285 Improper Authorization"`
			`} ]`
			`} ]`
			`},`
			`"source" : {`
			`"advisory" : "https://www.mend.io/vulnerability-database/",`
			`"discovery" : "UNKNOWN"`
			`}`
"-Synchronized-Data." 2022-06-02 13:46:07 +00:00			`}`