CVE-2022-2037 - OpenCVE

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tooljet	Tooljet

Configuration 1 [-]

cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b	Patch Third Party Advisory
https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-06-09T08:20:12

Updated: 2022-06-09T08:20:12

Reserved: 2022-06-09T00:00:00

Link: CVE-2022-2037

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-09T17:15:09.760

Modified: 2022-06-15T21:10:46.903

Link: CVE-2022-2037

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "tooljet/tooljet", "vendor": "tooljet", "versions": [{"lessThan": "v1.16.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1125", "description": "CWE-1125 Excessive Attack Surface", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-09T08:20:12", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"}], "source": {"advisory": "4431ef84-93f2-4bc5-bc1a-97d7f229b28e", "discovery": "EXTERNAL"}, "title": "Excessive Attack Surface in tooljet/tooljet", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2037", "STATE": "PUBLIC", "TITLE": "Excessive Attack Surface in tooljet/tooljet"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tooljet/tooljet", "version": {"version_data": [{"version_affected": "<", "version_value": "v1.16.0"}]}}]}, "vendor_name": "tooljet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1125 Excessive Attack Surface"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"}, {"name": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b", "refsource": "MISC", "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"}]}, "source": {"advisory": "4431ef84-93f2-4bc5-bc1a-97d7f229b28e", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2037", "datePublished": "2022-06-09T08:20:12", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2022-06-09T08:20:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tooljet:tooljet:*:*:*:*:*:*:*:*", "matchCriteriaId": "798670D5-9034-4AF1-85F7-C21675CBF30B", "versionEndExcluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0."}, {"lang": "es", "value": "Una Superficie de Ataque Excesiva en el repositorio de GitHub tooljet/tooljet versiones anteriores a v1.16.0"}], "id": "CVE-2022-2037", "lastModified": "2022-06-15T21:10:46.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-09T17:15:09.760", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/4431ef84-93f2-4bc5-bc1a-97d7f229b28e"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1125"}], "source": "security@huntr.dev", "type": "Secondary"}]}