Home > Vulnerability Database > CVE-2022-3019

Mend.io Vulnerability Database

CVE-2022-3019

Date: August 29, 2022

The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).

Language: TYPE_SCRIPT

Severity Score

8.8

Related Resources (4)

Url: https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3019

Url: https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf

Url: https://www.mend.io/vulnerability-database/CVE-2022-3019

Severity Score

8.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3019

Date: August 29, 2022

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?