CVE-2022-3019

EUVD-2022-42454
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
@huntrdevCNA
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
tooljettooljet
𝑥
< 1.23.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79
https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf
https://github.com/tooljet/tooljet/commit/45e0d3302d92df7d7f2d609c31cea71165600b79
https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf