VYPR
Unrated severityNVD Advisory· Published May 18, 2022· Updated Sep 16, 2024

ToolJet - Token Leakage via Referer Header

CVE-2022-23067

Description

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user’s account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ToolJet/ToolJetllm-fuzzy2 versions
    >=v0.5.0 <=v1.2.2+ 1 more
    • (no CPE)range: >=v0.5.0 <=v1.2.2
    • (no CPE)range: 0.5.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.