88 matches found
Improper access control
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0...
CVE-2022-2631 Improper Access Control in tooljet/tooljet
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0...
CVE-2022-2631 Improper Access Control in tooljet/tooljet
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0...
CVE-2022-2631
ToolJet (tooljet/tooljet) prior to v1.19.0 is affected by CVE-2022-2631 (Improper Access Control). Root cause: insufficient access checks in the ToolJet repository, enabling improper access control. Affected severity metrics indicate high impact to confidentiality, integrity, and availability (CV...
ToolJet 访问控制错误漏洞
ToolJet is an extensible low-code framework for building business applications from ToolJet. An Access Control Error vulnerability exists in ToolJet versions prior to 1.19.0 that stems from incorrect access control...
PT-2022-17778 · Tooljet · Tooljet
Name of the Vulnerable Software and Affected Versions: tooljet/tooljet versions prior to v1.19.0 Description: The issue is related to improper access control. Recommendations: For versions prior to v1.19.0, update to version v1.19.0 or later to resolve the issue...
CVE-2022-2037
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...
CVE-2022-2037
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...
Design/Logic Flaw
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...
CVE-2022-2037 Excessive Attack Surface in tooljet/tooljet
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...
CVE-2022-2037 Excessive Attack Surface in tooljet/tooljet
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...
CVE-2022-2037
CVE-2022-2037 affects ToolJet (tooljet/tooljet) before v1.16.0. The vulnerability is described as an Excessive Attack Surface. Severity varies by source (NVD CVSS2/3.1 reports base scores up to 8.0/9.8 in CNA data). A fix exists in v1.16.0 and later; upgrade to 1.16.0+ to mitigate. Technical deta...
ToolJet 安全漏洞
ToolJet is an extensible low-code framework for building business applications from ToolJet. A security vulnerability exists in ToolJet versions prior to v1.16.0...
ToolJet Code Injection Vulnerability
A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...
ToolJet Information Disclosure Vulnerability
ToolJet is an extensible, low-code framework for building business applications from ToolJet. v0.5.0 to v1.2.2 of ToolJet is vulnerable to an information disclosure vulnerability that stems from a token leak in the application. An attacker could exploit the vulnerability to access a user's accoun...
CVE-2022-23068
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...
CVE-2022-23067
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...
Design/Logic Flaw
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...
Input validation
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...
CVE-2022-23068
CVE-2022-23068 affects ToolJet versions v0.6.0–v1.10.2. The issue is HTML injection in the invite-new-user flow: attacker-controlled first and last name fields can inject code that is reflected in the invitation email, due to insufficient input validation/filtering in those fields. Root cause cit...