CVE-2022-3019 Vulnerability Details

CVE-2022-3019 Metadata Quick Info

CVE Published: 29/08/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: @huntrdev | Vendor: tooljet | Product: tooljet/tooljet
Status: PUBLISHED

CVE-2022-3019 Description

The forgot password token basically just makes us capable of taking over the account of whoever comments in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: CWE-284 Improper Access Control
Source: tooljet

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).