Auto-merge PR#7464

2025-06-10 02:04:31 +00:00 · 2022-09-28 05:35:13 -04:00 · 2022-09-28 05:35:13 -04:00 · 51ade69b8d
commit 51ade69b8d
parent 66f8e77cd2 7368984e81
1 changed files with 79 additions and 14 deletions
--- a/2022/32xxx/CVE-2022-32169.json
+++ b/2022/32xxx/CVE-2022-32169.json
@ -1,18 +1,83 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-32169",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-32169",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Sep 21, 2022, 12:00:00 AM",
+    "TITLE" : "bytebase - Improper Authorization"
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "bytebase",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "bytebase",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "0.1.0",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "1.0.4",
+                "version_affected" : "<="
+              } ]
            }
-        ]
+          } ]
+        }
+      } ]
    }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "NONE",
+      "confidentialityImpact" : "LOW",
+      "integrityImpact" : "NONE",
+      "privilegesRequired" : "LOW",
+      "scope" : "UNCHANGED",
+      "userInteraction" : "NONE",
+      "version" : 3.1,
+      "baseScore" : 4.3,
+      "baseSeverity" : "MEDIUM"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32169"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-#L187"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-285 Improper Authorization"
+      } ]
+    } ]
+  },
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }