exploitDog

CVE-2022-34774

Опубликовано: 22 авг. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 5.3

EPSS Низкий

Описание

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password).

Ссылки

https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory
https://www.gov.il/en/departments/faq/cve_advisories
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tabit:tabit:*:*:*:*:*:*:*:*

Версия до 3.27.0 (исключая)

EPSS

Процентиль: 44%

0.0022

Низкий

6.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8wr9-j43r-pc9h

CVSS3: 5.3

github

больше 3 лет назад

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password).

EPSS

Процентиль: 44%

0.0022

Низкий

6.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo