CVE-2022-3019

HIGH

App - Privilege Escalation


Description

The forgot-password token basically just makes us capable of taking over the account of whoever comments in an app that we can see (brute-forcing comment IDs might also be an option, but I wouldn't count on it, since it would take a long time to find a valid one).

References (2)

Tags: Exploit, Patch, Third Party Advisory (x_refsource_confirm)
https://huntr.dev/bounties/a610300b-ce3c-4995-8337-11942b3621bf

Scores

CVSS v3 8.8
EPSS 0.0036
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-284, CWE-639
Status published
Products (1)
tooljet/tooljet < 1.23.0
Published Aug 29, 2022
Tracked Since Feb 18, 2026