Improper Authorization in bytebase/bytebase
Feb 2nd 2022
Hello bytebase team, there is an improper privilege management issue in the bytebase source code. It allows a user to view another user's inbox.
Proof of Concept
- Install bytebase and create a new user.
- Log in as user1, go to this link, and change user-id to the id of user2.
- See that user1 can view user2's inbox.
This vulnerability allows any authenticated user to read another user's inbox, because the inbox endpoint trusts the user id supplied in the request instead of the identity of the logged-in user.
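The following Go snippet is an added illustration of the missing check behind this class of bug; it is not bytebase's code. It shows an inbox lookup keyed purely on the user id taken from the request, beside a version that requires that id to match the authenticated principal and, as defense in depth, filters the returned messages by receiver. The types (Principal, InboxMessage), the function names, the denied-access counter and the sample inbox data are all assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// InboxMessage is a hypothetical message addressed to exactly one user.
type InboxMessage struct {
	ID         int
	ReceiverID int
	Body       string
}

// Principal is the authenticated caller as established by session middleware,
// not anything the client can type into a query string.
type Principal struct {
	ID   int
	Role string
}

// ErrForbidden is returned when a caller asks for an inbox that is not theirs.
var ErrForbidden = errors.New("forbidden: a user may only read their own inbox")

// inboxStore is constructed sample data: user 1 and user 2 each have one message.
var inboxStore = map[int][]InboxMessage{
	1: {{ID: 10, ReceiverID: 1, Body: "user1: schema review approved"}},
	2: {{ID: 20, ReceiverID: 2, Body: "user2: nightly backup completed"}},
}

// deniedAttempts counts rejected cross-user reads; in a real service this would be
// an audit log entry, which is the signal a detection rule would key on.
var deniedAttempts int

// listInboxVulnerable mirrors the reported flaw: the user id comes from the request
// and is never compared with the authenticated principal, so any caller can read
// any inbox simply by changing the id.
func listInboxVulnerable(caller Principal, requestedUserID int) ([]InboxMessage, error) {
	_ = caller // authentication happened, but authorization never does
	return inboxStore[requestedUserID], nil
}

// listInboxFixed enforces ownership: the requested id must equal the caller's id.
// It additionally drops any message whose ReceiverID differs from the caller, so a
// mis-keyed store cannot leak someone else's mail even if the first check is bypassed.
func listInboxFixed(caller Principal, requestedUserID int) ([]InboxMessage, error) {
	if caller.ID != requestedUserID {
		deniedAttempts++
		return nil, fmt.Errorf("caller %d requested inbox of user %d: %w",
			caller.ID, requestedUserID, ErrForbidden)
	}
	var own []InboxMessage
	for _, m := range inboxStore[requestedUserID] {
		if m.ReceiverID == caller.ID {
			own = append(own, m)
		}
	}
	return own, nil
}

// DeniedAttempts exposes the counter so callers (and tests) can check it.
func DeniedAttempts() int { return deniedAttempts }

func main() {
	user1 := Principal{ID: 1, Role: "DEVELOPER"}

	leaked, _ := listInboxVulnerable(user1, 2)
	fmt.Printf("vulnerable: user1 reading user2 inbox -> %d message(s)\n", len(leaked))

	_, err := listInboxFixed(user1, 2)
	fmt.Printf("fixed: user1 reading user2 inbox -> %v\n", err)

	own, _ := listInboxFixed(user1, 1)
	fmt.Printf("fixed: user1 reading own inbox -> %d message(s)\n", len(own))
}
```

The essential change is that the authorization decision is made against the server-side identity (Principal.ID) rather than a client-controlled parameter; the receiver filter costs nothing and protects against a second bug in the query layer.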