Lucene search
K

88 matches found

Prion
Prion
added 2022/08/02 5:15 p.m.17 views

Improper access control

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0...

6.5CVSS8.7AI score0.00958EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/02 4:5 p.m.36 views

CVE-2022-2631 Improper Access Control in tooljet/tooljet

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0...

9.8CVSS8.9AI score0.00958EPSS
Exploits1References2
OSV
OSV
added 2022/08/02 4:5 p.m.20 views

CVE-2022-2631 Improper Access Control in tooljet/tooljet

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0...

9.8CVSS9.4AI score0.00958EPSS
Exploits1References4
CVE
CVE
added 2022/08/02 4:5 p.m.100 views

CVE-2022-2631

ToolJet (tooljet/tooljet) prior to v1.19.0 is affected by CVE-2022-2631 (Improper Access Control). Root cause: insufficient access checks in the ToolJet repository, enabling improper access control. Affected severity metrics indicate high impact to confidentiality, integrity, and availability (CV...

9.8CVSS8.8AI score0.00958EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.4 views

ToolJet 访问控制错误漏洞

ToolJet is an extensible low-code framework for building business applications from ToolJet. An Access Control Error vulnerability exists in ToolJet versions prior to 1.19.0 that stems from incorrect access control...

9.8CVSS8.2AI score0.00958EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.8 views

PT-2022-17778 · Tooljet · Tooljet

Name of the Vulnerable Software and Affected Versions: tooljet/tooljet versions prior to v1.19.0 Description: The issue is related to improper access control. Recommendations: For versions prior to v1.19.0, update to version v1.19.0 or later to resolve the issue...

9.8CVSS9.1AI score0.00958EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/06/09 5:15 p.m.3 views

CVE-2022-2037

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...

9.8CVSS7.2AI score0.01081EPSS
Exploits1References3
NVD
NVD
added 2022/06/09 5:15 p.m.24 views

CVE-2022-2037

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...

9.8CVSS0.01081EPSS
Exploits1References2
Prion
Prion
added 2022/06/09 5:15 p.m.19 views

Design/Logic Flaw

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...

6CVSS7.9AI score0.01081EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/06/09 8:20 a.m.18 views

CVE-2022-2037 Excessive Attack Surface in tooljet/tooljet

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...

9.8CVSS9AI score0.01081EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/06/09 8:20 a.m.28 views

CVE-2022-2037 Excessive Attack Surface in tooljet/tooljet

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...

9.8CVSS8.1AI score0.01081EPSS
Exploits1References2
CVE
CVE
added 2022/06/09 8:20 a.m.55 views

CVE-2022-2037

CVE-2022-2037 affects ToolJet (tooljet/tooljet) before v1.16.0. The vulnerability is described as an Excessive Attack Surface. Severity varies by source (NVD CVSS2/3.1 reports base scores up to 8.0/9.8 in CNA data). A fix exists in v1.16.0 and later; upgrade to 1.16.0+ to mitigate. Technical deta...

9.8CVSS8AI score0.01081EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.5 views

ToolJet 安全漏洞

ToolJet is an extensible low-code framework for building business applications from ToolJet. A security vulnerability exists in ToolJet versions prior to v1.16.0...

9.8CVSS8.3AI score0.01081EPSS
Exploits1References3
CNVD
CNVD
added 2022/05/20 12:0 a.m.25 views

ToolJet Code Injection Vulnerability

A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...

3.5CVSS4.3AI score0.00588EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2022/05/20 12:0 a.m.19 views

ToolJet Information Disclosure Vulnerability

ToolJet is an extensible, low-code framework for building business applications from ToolJet. v0.5.0 to v1.2.2 of ToolJet is vulnerable to an information disclosure vulnerability that stems from a token leak in the application. An attacker could exploit the vulnerability to access a user's accoun...

6.8CVSS2.5AI score0.01251EPSS
Exploits1Affected Software1
NVD
NVD
added 2022/05/18 2:15 p.m.20 views

CVE-2022-23068

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...

5.4CVSS0.00588EPSS
Exploits1References2
NVD
NVD
added 2022/05/18 2:15 p.m.32 views

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS0.01251EPSS
Exploits1References2
Prion
Prion
added 2022/05/18 2:15 p.m.15 views

Design/Logic Flaw

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

6.8CVSS8.7AI score0.01251EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/05/18 2:15 p.m.19 views

Input validation

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...

3.5CVSS5.6AI score0.00588EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/05/18 11:45 a.m.69 views

CVE-2022-23068

CVE-2022-23068 affects ToolJet versions v0.6.0–v1.10.2. The issue is HTML injection in the invite-new-user flow: attacker-controlled first and last name fields can inject code that is reflected in the invitation email, due to insufficient input validation/filtering in those fields. Root cause cit...

5.4CVSS5.6AI score0.00588EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder