3 matches found
CVE-2022-3019
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one...
CVE-2022-3019
CVE-2022-3019 concerns ToolJet and is rooted in an improper access control flaw in the application’s comment handling. The available connected records describe an IDOR-style issue where the forgot-password token can be exposed via the comments subsystem (notably the getComment endpoint), enabling...
CVE-2022-3019 Improper Access Control in tooljet/tooljet
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one...