The "Bytebase" application does not restrict low-privilege users from accessing admin "projects": an unauthorized user can view the "projects" created by "Admin". The affected endpoint is `/api/project?user=${userId}`.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/bytebase/bytebase (Go) | 0.1.0 | N/A | N/A |
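
The missing check, as an added example that is not Bytebase's code: a minimal Go handler for the affected endpoint, with the unchecked behaviour beside one that ties the `user` parameter to the authenticated caller. It assumes the `user` parameter selects whose projects are listed; `principal`, `projectHandler`, `replay` and the sample data are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// principal is a hypothetical session identity set by an auth middleware.
type principal struct {
	ID    int
	Admin bool
}
type ctxKey struct{}

// Constructed data: user ID -> visible project names. User 1 is the admin.
var projects = map[int][]string{1: {"admin-only", "shared"}, 2: {"shared"}}

// projectHandler serves GET /api/project?user=<id>. enforce=false trusts the
// query parameter (the reported behaviour); enforce=true lets a non-admin
// caller request only their own ID.
func projectHandler(enforce bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		caller, ok := r.Context().Value(ctxKey{}).(principal)
		uid, err := strconv.Atoi(r.URL.Query().Get("user"))
		if !ok || err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if enforce && !caller.Admin && caller.ID != uid {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		fmt.Fprint(w, projects[uid])
	}
}

// replay sends one request as caller and returns the status code and body.
func replay(h http.Handler, caller principal, uid int) (int, string) {
	req := httptest.NewRequest("GET", fmt.Sprintf("/api/project?user=%d", uid), nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req.WithContext(context.WithValue(req.Context(), ctxKey{}, caller)))
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(replay(projectHandler(true), principal{ID: 2}, 1))
}
```

The same `replay` helper works as a regression test: a low-privilege caller asking for another user's ID must get 403, while asking for their own ID still returns 200.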