Lucene search

[email protected]NVD:CVE-2022-27978

HistoryApr 26, 2023 - 4:15 p.m.

CVE-2022-27978

2023-04-2616:15:09

CWE-755

[email protected]

web.nvd.nist.gov

tooljet v1.6

api

vulnerability

passwords

http request

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

45.5%

JSON

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.

Affected configurations

NVD

Node

tooljettooljetMatch1.6

References

tooljet.com

github.com/fourcube/security-advisories/blob/main/security-advisories/20220320-tooljet.md

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for NVD:CVE-2022-27978

cvelist1 cve1 osv1 prion1 wallarmlab1