ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user’s account.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HTooljet
APPTooljet0.5.0 – 1.2.2
Powiązane podatności
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passw...
Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Account Takeove...
The forgot password token basically just makes us capable of taking over the account of whoever comment in an ...
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.