Improper Authorization

CVE-2022-32170

Medium

4.3/10

Summary

The "Bytebase" application does not restrict low privilege user to access admin "projects" for which an unauthorized user can view the "projects" created by "Admin" and the affected endpoint is "/api/project?user=${userId}".

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-285 - Improper Authorization

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References

Disclosure
Advisory

Advisory Timeline

Published Sep 28, 2022

Improper Authorization

CVE-2022-32170

Summary

CWE-285 - Improper Authorization

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS