PT-2022-21133 · Bytebase · Bytebase

Published: 2022-09-28 · Updated: 2022-10-03 · CVE-2022-32170

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Bytebase (affected versions not specified)

Description: The Bytebase application does not restrict low-privilege users from accessing admin projects, allowing unauthorized users to view projects created by an Admin. The affected endpoint is "/api/project?user=${userId}".

Recommendations: For all affected versions, restrict access to the /api/project?user=${userId} endpoint to prevent low-privilege users from accessing admin projects. As a temporary workaround, consider disabling the userId parameter in the affected API endpoint until a patch is available. Restrict access to admin projects to minimize the risk of exploitation.
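The access check the recommendation calls for, as an added example in Go (Bytebase's language); this is illustrative code, not Bytebase's own handler, and the Principal type, the handleProjectList and probe helpers, and the sample user ids are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Principal is the authenticated caller (constructed type, not Bytebase's own).
type Principal struct {
	ID    string
	Admin bool
}

var errForbidden = errors.New("forbidden")

// authorizeProjectList: the `user` query parameter of /api/project?user=...
// may only name the caller unless the caller is an admin. The vulnerable
// behaviour amounts to returning nil here unconditionally.
func authorizeProjectList(caller Principal, requestedUser string) error {
	if requestedUser == "" {
		return errForbidden // never fall back to "all projects" on a missing id
	}
	if caller.Admin || caller.ID == requestedUser {
		return nil
	}
	return errForbidden
}

// handleProjectList wires the check into the endpoint (principal assumed from auth middleware).
func handleProjectList(caller Principal, w http.ResponseWriter, r *http.Request) {
	if err := authorizeProjectList(caller, r.URL.Query().Get("user")); err != nil {
		http.Error(w, err.Error(), http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK) // a real handler would render the project list
}

// probe runs the handler in-process and returns the HTTP status code.
func probe(caller Principal, target string) int {
	rec := httptest.NewRecorder()
	handleProjectList(caller, rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	fmt.Println(probe(Principal{ID: "user-2"}, "/api/project?user=user-1")) // 403
	fmt.Println(probe(Principal{ID: "user-1"}, "/api/project?user=user-1")) // 200
}
```

The check keys on the server-side identity of the caller rather than on the client-supplied userId, which is what closes the gap described above; a request with no user parameter is rejected rather than widened to all projects.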

Weakness Enumeration: Improper Authorization

Related Identifiers:
- CVE-2022-32170
- GHSA-9MMC-27GW-W6MQ

Affected Products:
- Bytebase