Go modules package
github.com/bytebase/bytebase
pkg:golang/github.com/bytebase/bytebase
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-32169 | — | >= 0.1.0, <= 1.0.4 | — | Sep 28, 2022 | The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”. | ||
| CVE-2022-32170 | — | >= 0.1.0, <= 1.0.4 | — | Sep 28, 2022 | The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”. |
- CVE-2022-32169Sep 28, 2022affected >= 0.1.0, <= 1.0.4
The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
- CVE-2022-32170Sep 28, 2022affected >= 0.1.0, <= 1.0.4
The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.