5 matches found
Yelp: Unauthorized Reservation Cancellation Through IDOR Vulnerability
Vulnerability description not provided...
CVE-2022-34775
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...
Authentication flaw
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...
CVE-2022-34775 Tabit - Excessive data exposure
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...
CVE-2022-34775
Tabit vulnerability (CVE-2022-34775) involves excessive data exposure via an API endpoint used for reservation cancellation. The endpoint query http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} can return sensitive reservation data (name, email, phone, visit history, ...