The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.CreditsMend Vulnerability Research Team (MVR)Referenceshttps://www.mend.io/vulnerability-database/CVE-2022-32170https://github.com/bytebase/bytebase/blob/1.0.4/frontend/src/store/modules/project.ts#L166-L197
