Описание
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
Ссылки
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.23.0 (исключая)
cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00335
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-284
CWE-639
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
CVSS3: 7.1
fstec
больше 3 лет назад
Уязвимость функции getComment() платформы для создания приложений ToolJet, позволяющая нарушителю повысить свои привилегии
EPSS
Процентиль: 56%
0.00335
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-284
CWE-639