First published: Mon Aug 29 2022
The forgot-password token basically just makes us capable of taking over the account of whoever comments in an app that we can see (brute-forcing comment IDs might also be an option, but I wouldn't count on it, since it would take a long time to find a valid one).
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tooljet Tooljet | <1.23.0 | |
The vulnerability ID for this issue is CVE-2022-3019.
CVE-2022-3019 has a severity rating of 8.8 (high).
CVE-2022-3019 affects Tooljet Tooljet versions up to 1.23.0.
The vulnerability can be exploited by using the forgot-password token to take over the account of a user who has commented in the app.
While brute-forcing comment IDs might also be an option, it is not reliable, as it would take a long time to find a valid one.