{"id":"GHSA-5rc4-v5mj-g8c4","summary":"Bytebase does not restrict low privilege user to access admin issues","details":"The `Bytebase` application does not restrict low privilege user to access `admin issues` for which an unauthorized user can view the `OPEN` and `CLOSED` issues by `Admin` and the affected endpoint is `/issue`.","aliases":["CVE-2022-32169"],"modified":"2023-11-08T04:09:34.717933Z","published":"2022-09-29T00:00:27Z","database_specific":{"github_reviewed_at":"2022-10-04T21:42:30Z","severity":"MODERATE","cwe_ids":["CWE-732"],"nvd_published_at":"2022-09-28T10:15:00Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32169"},{"type":"PACKAGE","url":"https://github.com/bytebase/bytebase"},{"type":"WEB","url":"https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-#L187"},{"type":"WEB","url":"https://www.mend.io/vulnerability-database/CVE-2022-32169"}],"affected":[{"package":{"name":"github.com/bytebase/bytebase","ecosystem":"Go","purl":"pkg:golang/github.com/bytebase/bytebase"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.1.0"},{"last_affected":"1.0.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-5rc4-v5mj-g8c4/GHSA-5rc4-v5mj-g8c4.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}