MidnightBSD

Advisories for bytebase

CVE-2022-32169

The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.

Products Affected

Vendor Product Version
bytebase bytebase *
CVE-2022-32170

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.

Products Affected

Vendor Product Version
bytebase bytebase *