Vulnerability Description
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header, which leads to account takeover. If the user opens the invite link/signup link and then clicks on any external link within the page, the password-set token/signup token is leaked in the Referer header. Using these tokens the attacker can access the user's account.
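As an added illustration (not ToolJet's own code), the following JavaScript models which Referer value a browser sends when a page carrying a token in its query string links out to another site under each Referrer-Policy, following the policy definitions in the W3C Referrer Policy specification; the invite URL, token value and external link are constructed placeholders. Under the older browser default no-referrer-when-downgrade the full URL, token included, reaches any HTTPS external site, which is the leak described above; strict-origin-when-cross-origin (the current default) or no-referrer strips it, though the durable fix is to keep one-time tokens out of URLs that render external links.

```javascript
// Compute the Referer a browser sends for a navigation from pageUrl to
// targetUrl under the given Referrer-Policy (assumed policy names per the
// Referrer Policy spec). Credentials and fragment are never sent.
function refererFor(pageUrl, targetUrl, policy = "strict-origin-when-cross-origin") {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  const full = page.origin + page.pathname + page.search; // URL minus userinfo/fragment
  const origin = page.origin + "/";                         // origin only
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === "https:" && target.protocol === "http:";
  switch (policy) {
    case "no-referrer":                     return null;
    case "unsafe-url":                      return full;
    case "origin":                          return origin;
    case "same-origin":                     return sameOrigin ? full : null;
    case "no-referrer-when-downgrade":      return downgrade ? null : full;
    case "origin-when-cross-origin":        return sameOrigin ? full : origin;
    case "strict-origin":                   return downgrade ? null : origin;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default:
      throw new Error(`unknown Referrer-Policy: ${policy}`);
  }
}

// Does the Referer value expose the named query parameter (e.g. a signup token)?
function leaksParam(referer, paramName) {
  if (!referer) return false;
  return new URL(referer).searchParams.has(paramName);
}

// Constructed sample: an invite page whose URL carries a one-time token,
// and an unrelated external link on that page.
const inviteUrl = "https://app.example.com/invite?token=CONSTRUCTED_TOKEN";
const externalUrl = "https://docs.example.org/help";

for (const policy of ["no-referrer-when-downgrade", "strict-origin-when-cross-origin", "no-referrer"]) {
  const ref = refererFor(inviteUrl, externalUrl, policy);
  console.log(`${policy}: Referer=${ref} leaksToken=${leaksParam(ref, "token")}`);
}
```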
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tooljet | Tooljet | >= 0.5.0, <= 1.2.2 |
Related Weaknesses (CWE)
References
- https://github.com/ToolJet/ToolJet/commit/eacbfc4c9da089ff9cda9edf8a1156390ae8a1 (Patch, Third Party Advisory)
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23067 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-23067?
CVE-2022-23067 is a vulnerability with a CVSS score of 8.8 (HIGH). ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via the Referer header, which leads to account takeover. If the user opens the invite link/signup link and then clicks on any external link...
How severe is CVE-2022-23067?
CVE-2022-23067 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23067?
Check the references section above for vendor advisories and patch information. Affected products include: Tooljet Tooljet.