Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in tooljet/tooljet
Vulnerability Description
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
ToolJet 访问控制错误漏洞
Vulnerability Description
ToolJet是ToolJet的一款用于构建业务应用程序的可扩展低代码框架。 ToolJet 存在访问控制错误漏洞,该漏洞源于通过遗忘密码令牌允许攻击者能够接管可以看到的应用程序中任何评论的帐户。
CVSS Information
N/A
Vulnerability Type
N/A