
4 matches found

Positive Technologies
• added 2025/11/18 12:0 a.m. • 2 views

PT-2025-47340

Name of the Vulnerable Software and Affected Versions: openml/openml.org web application version v2.0.20241110. Description: The web application generates predictable tokens based on MD5 hashing for critical user actions, including signup confirmation, password resets, email confirmation resends, an...

CVSS 7.5 | AI score 6.6 | EPSS 0.01053
Exploits: 1 | References: 6
NCSC
• added 2023/02/02 12:0 a.m. • 3 views

Vulnerability fixed in Atlassian Jira

Atlassian has fixed a vulnerability in Jira Service Management Server and Data Center. The vulnerability allows a malicious party able to obtain a user's signup token to bypass authentication. To obtain a signup token, a malicious party must gain...

CVSS 9.4 | AI score 6.9 | EPSS 0.0236
Exploits: 0
NVD
• added 2022/05/18 2:15 p.m. • 12 views

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using thes...

CVSS 8.8 | EPSS 0.00397
Exploits: 1 | References: 2
Prion
• added 2022/05/18 2:15 p.m. • 13 views

Design/Logic Flaw

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the Referer header. Using thes...

CVSS 6.8 | AI score 8.7 | EPSS 0.00397
Exploits: 1 | References: 2 | Affected Software: 1