CVE-2022-3422

ToolJet/ToolJet

on github

Published

October 7, 2022

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

N/A

Description

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeover :: when see the info i can see the forgot_password_token the hacker can send the request and changed the pass

References

https://huntr.dev/bounties/02da53ab-f613-4171-8766-96b31c671551
https://github.com/tooljet/tooljet/commit/7879d8a76000c014533a97a22bc276afe3ae3e54

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:tooljet:tooljet::::::::	n/a	1.26.1	*

External Links

NVD - CVE-2022-3422