Add CVE-2022-32170

2025-06-12 02:05:39 +00:00 · 2022-09-28 12:26:25 +03:00 · 2022-09-28 12:26:25 +03:00 · d28d925349
commit d28d925349
parent c9c82d8d96
1 changed files with 79 additions and 14 deletions
--- a/2022/32xxx/CVE-2022-32170.json
+++ b/2022/32xxx/CVE-2022-32170.json
@ -1,18 +1,83 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-32170",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+  "CVE_data_meta" : {
+    "ASSIGNER" : "vulnerabilitylab@mend.io",
+    "ID" : "CVE-2022-32170",
+    "STATE" : "PUBLIC",
+    "DATE_PUBLIC" : "Sep 21, 2022, 12:00:00 AM",
+    "TITLE" : "bytebase - Improper Authorization"
+  },
+  "affects" : {
+    "vendor" : {
+      "vendor_data" : [ {
+        "vendor_name" : "bytebase",
+        "product" : {
+          "product_data" : [ {
+            "product_name" : "bytebase",
+            "version" : {
+              "version_data" : [ {
+                "version_value" : "0.1.0",
+                "version_affected" : ">="
+              }, {
+                "version_value" : "1.0.4",
+                "version_affected" : "<="
+              } ]
            }
-        ]
+          } ]
+        }
+      } ]
    }
+  },
+  "credit" : [ {
+    "lang" : "eng",
+    "value" : "Mend Vulnerability Research Team (MVR)"
+  } ],
+  "data_format" : "MITRE",
+  "data_type" : "CVE",
+  "data_version" : "4.0",
+  "description" : {
+    "description_data" : [ {
+      "lang" : "eng",
+      "value" : "The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”."
+    } ]
+  },
+  "generator" : {
+    "engine" : "Vulnogram 0.0.9"
+  },
+  "impact" : {
+    "cvss" : {
+      "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+      "attackComplexity" : "LOW",
+      "attackVector" : "NETWORK",
+      "availabilityImpact" : "NONE",
+      "confidentialityImpact" : "LOW",
+      "integrityImpact" : "NONE",
+      "privilegesRequired" : "LOW",
+      "scope" : "UNCHANGED",
+      "userInteraction" : "NONE",
+      "version" : 3.1,
+      "baseScore" : 4.3,
+      "baseSeverity" : "MEDIUM"
+    }
+  },
+  "references" : {
+    "reference_data" : [ {
+      "refsource" : "MISC",
+      "url" : "https://www.mend.io/vulnerability-database/CVE-2022-32170"
+    }, {
+      "refsource" : "CONFIRM",
+      "url" : "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197"
+    } ]
+  },
+  "problemtype" : {
+    "problemtype_data" : [ {
+      "description" : [ {
+        "lang" : "eng",
+        "value" : "CWE-285 Improper Authorization"
+      } ]
+    } ]
+  },
+  "source" : {
+    "advisory" : "https://www.mend.io/vulnerability-database/",
+    "discovery" : "UNKNOWN"
+  }
 }