CVE-2022-32170

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197", "name": "https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-#L197", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.mend.io/vulnerability-database/CVE-2022-32170", "name": "https://www.mend.io/vulnerability-database/CVE-2022-32170", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The \u201cBytebase\u201d application does not restrict low privilege user to access admin \u201cprojects\u201c for which an unauthorized user can view the \u201cprojects\u201c created by \u201cAdmin\u201d and the affected endpoint is \u201c/api/project?user=${userId}\u201d."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-285"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-32170", "ASSIGNER": "vulnerabilitylab@mend.io"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2022-09-28T10:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bytebase:bytebase:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.4", "versionStartIncluding": "0.1.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-10-03T18:41Z"}