CVE-2022-3348
Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet
Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
tooljet · tooljet/tooljetWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →