Vulnerability Description
Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a 'tiny URL' in tabits domain, in the form of https://tbit.be/{suffix} with suffix being a 5 character long string containing numbers, lower and upper case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tabit | Tabit | < 3.27.0 |
Related Weaknesses (CWE)
References
- https://www.gov.il/en/departments/faq/cve_advisoriesThird Party Advisory
- https://www.gov.il/en/departments/faq/cve_advisoriesThird Party Advisory
FAQ
What is CVE-2022-34776?
CVE-2022-34776 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption a...
How severe is CVE-2022-34776?
CVE-2022-34776 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-34776?
Check the references section above for vendor advisories and patch information. Affected products include: Tabit Tabit.