HIGH🇬🇧 English

CVE-2022-3019

CVSS 8.8v3.1pub. 2022-08-29upd. 2024-11-21

The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Tooljet

    APP
    Tooljet
    < 1.23.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-27978HIGH7.5ten sam produkt

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passw...

CVE-2022-3422HIGH7.5ten sam produkt

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeove...

CVE-2022-2631HIGH8.8ten sam produkt

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.

CVE-2022-2037HIGH8.0ten sam produkt

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.

CVE-2022-23067HIGH8.8ten sam produkt

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account tak...

CVE-2022-3019 — HIGH 8.8 | CVEbaza.pl