Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ToolJet - Token Leakage via Referer Header
Vulnerability Description
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user’s account.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
信息暴露
Vulnerability Title
ToolJet 信息泄露漏洞
Vulnerability Description
ToolJet是ToolJet的一款用于构建业务应用程序的可扩展低代码框架。 ToolJet 版本 v0.5.0 到 v1.2.2存在信息泄露漏洞,该漏洞源于应用中存在令牌泄漏问题。攻击者可以通过Referer利用该漏洞访问用户的账户。
CVSS Information
N/A
Vulnerability Type
N/A