admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-321xx/CVE-2022-32170.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

76 lines
2.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-32170",
"sourceIdentifier": "vulnerabilitylab@mend.io",
"published": "2022-09-28T10:15:09.740",
"lastModified": "2024-11-21T07:05:52.460",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n \"Bytebase\" no restringe a usuarios poco privilegiados el acceso a \"projects\" del administrador, por lo que un usuario no autorizado puede visualizar \"projects\" creados por \"Admin\" y el endpoint afectado es \"/api/project?user=${userId}\""
}
],
"metrics": {},
"weaknesses": [
{
"source": "vulnerabilitylab@mend.io",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bytebase:bytebase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.1.0",
"versionEndIncluding": "1.0.4",
"matchCriteriaId": "58D2B448-3301-48A8-8796-C8FDA52268A6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197",
"source": "vulnerabilitylab@mend.io"
},
{
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32170",
"source": "vulnerabilitylab@mend.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32170",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink