{"containers":{"cna":{"affected":[{"product":"bytebase","vendor":"bytebase","versions":[{"lessThan":"unspecified","status":"affected","version":"0.1.0","versionType":"custom"},{"lessThanOrEqual":"1.0.4","status":"affected","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Mend Vulnerability Research Team (MVR)"}],"datePublic":"2022-09-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”."}],"metrics":[{"other":{"content":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":3.1},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-285","description":"CWE-285 Improper Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-09-28T09:30:23.000Z","orgId":"478c68dd-22c1-4a41-97cd-654224dfacff","shortName":"Mend"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.mend.io/vulnerability-database/CVE-2022-32169"},{"tags":["x_refsource_MISC"],"url":"https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"}],"source":{"advisory":"https://www.mend.io/vulnerability-database/","discovery":"UNKNOWN"},"title":"bytebase - Improper Authorization","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"vulnerabilitylab@whitesourcesoftware.com","DATE_PUBLIC":"Sep 21, 2022, 12:00:00 AM","ID":"CVE-2022-32169","STATE":"PUBLIC","TITLE":"bytebase - Improper Authorization"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"bytebase","version":{"version_data":[{"version_affected":">=","version_value":"0.1.0"},{"version_affected":"<=","version_value":"1.0.4"}]}}]},"vendor_name":"bytebase"}]}},"credit":[{"lang":"eng","value":"Mend Vulnerability Research Team (MVR)"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":3.1}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285 Improper Authorization"}]}]},"references":{"reference_data":[{"name":"https://www.mend.io/vulnerability-database/CVE-2022-32169","refsource":"MISC","url":"https://www.mend.io/vulnerability-database/CVE-2022-32169"},{"name":"https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187","refsource":"MISC","url":"https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"}]},"source":{"advisory":"https://www.mend.io/vulnerability-database/","discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T07:32:55.979Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.mend.io/vulnerability-database/CVE-2022-32169"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/issue.ts#L108-L187"}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-21T13:56:20.037399Z","id":"CVE-2022-32169","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-21T13:57:27.821Z"}}]},"cveMetadata":{"assignerOrgId":"478c68dd-22c1-4a41-97cd-654224dfacff","assignerShortName":"Mend","cveId":"CVE-2022-32169","datePublished":"2022-09-28T09:30:23.675Z","dateReserved":"2022-05-31T00:00:00.000Z","dateUpdated":"2025-05-21T13:57:27.821Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}