Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by tabit
CVE-2022-34772 (GCVE-0-2022-34772)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:42 – Updated: 2024-09-17 02:57
VLAI?
Title
Tabit - password enumeration
Summary
Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting.
Severity ?
4.3 (Medium)
CWE
- password enumeration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2022-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tabit",
"vendor": "Tabit",
"versions": [
{
"lessThan": "3.27.0*",
"status": "affected",
"version": "3.27.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guy Ben Simhon - Noname Security"
}
],
"datePublic": "2022-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "password enumeration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:42:58.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0044"
],
"discovery": "EXTERNAL"
},
"title": "Tabit - password enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-17T11:14:00.000Z",
"ID": "CVE-2022-34772",
"STATE": "PUBLIC",
"TITLE": "Tabit - password enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tabit",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.27.0",
"version_value": "3.27.0"
}
]
}
}
]
},
"vendor_name": "Tabit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Guy Ben Simhon - Noname Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "password enumeration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0044"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-34772",
"datePublished": "2022-08-22T14:42:58.504Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:57:43.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34776 (GCVE-0-2022-34776)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:42 – Updated: 2024-09-16 18:23
VLAI?
Title
Tabit - giftcard stealth
Summary
Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a 'tiny URL' in tabits domain, in the form of https://tbit.be/{suffix} with suffix being a 5 character long string containing numbers, lower and upper case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information.
Severity ?
5.5 (Medium)
CWE
- giftcard stealth
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2022-08-21 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tabit",
"vendor": "Tabit",
"versions": [
{
"lessThan": "3.27.0*",
"status": "affected",
"version": "3.27.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guy Ben Simhon - Noname Security"
}
],
"datePublic": "2022-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a \u0027tiny URL\u0027 in tabits domain, in the form of https://tbit.be/{suffix} with suffix being a 5 character long string containing numbers, lower and upper case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "giftcard stealth",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:42:38.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0048"
],
"discovery": "EXTERNAL"
},
"title": "Tabit - giftcard stealth",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-21T11:14:00.000Z",
"ID": "CVE-2022-34776",
"STATE": "PUBLIC",
"TITLE": "Tabit - giftcard stealth"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tabit",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.27.0",
"version_value": "3.27.0"
}
]
}
}
]
},
"vendor_name": "Tabit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Guy Ben Simhon - Noname Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a \u0027tiny URL\u0027 in tabits domain, in the form of https://tbit.be/{suffix} with suffix being a 5 character long string containing numbers, lower and upper case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "giftcard stealth"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0048"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-34776",
"datePublished": "2022-08-22T14:42:38.815Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:23:56.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34775 (GCVE-0-2022-34775)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:42 – Updated: 2024-09-17 04:09
VLAI?
Title
Tabit - Excessive data exposure
Summary
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack.
Severity ?
6.3 (Medium)
CWE
- Excessive data exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2022-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tabit",
"vendor": "Tabit",
"versions": [
{
"lessThan": "3.27.0*",
"status": "affected",
"version": "3.27.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guy Ben Simhon - Noname Security"
}
],
"datePublic": "2022-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Excessive data exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:42:21.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0047"
],
"discovery": "EXTERNAL"
},
"title": "Tabit - Excessive data exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-17T11:14:00.000Z",
"ID": "CVE-2022-34775",
"STATE": "PUBLIC",
"TITLE": "Tabit - Excessive data exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tabit",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.27.0",
"version_value": "3.27.0"
}
]
}
}
]
},
"vendor_name": "Tabit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Guy Ben Simhon - Noname Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Excessive data exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0047"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-34775",
"datePublished": "2022-08-22T14:42:21.732Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:09:02.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34774 (GCVE-0-2022-34774)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:41 – Updated: 2024-09-17 03:55
VLAI?
Title
Tabit - Arbitrary account modification
Summary
Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password).
Severity ?
6.3 (Medium)
CWE
- Arbitrary account modification
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2022-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tabit",
"vendor": "Tabit",
"versions": [
{
"lessThan": "3.27.0*",
"status": "affected",
"version": "3.27.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guy Ben Simhon - Noname Security"
}
],
"datePublic": "2022-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant\u0027s loyalty program. Possibly allowing account takeover (the mail can be used to reset password)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary account modification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:41:59.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0046"
],
"discovery": "EXTERNAL"
},
"title": "Tabit - Arbitrary account modification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-17T11:14:00.000Z",
"ID": "CVE-2022-34774",
"STATE": "PUBLIC",
"TITLE": "Tabit - Arbitrary account modification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tabit",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.27.0",
"version_value": "3.27.0"
}
]
}
}
]
},
"vendor_name": "Tabit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Guy Ben Simhon - Noname Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant\u0027s loyalty program. Possibly allowing account takeover (the mail can be used to reset password)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary account modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0046"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-34774",
"datePublished": "2022-08-22T14:41:59.673Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:55:05.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34773 (GCVE-0-2022-34773)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:41 – Updated: 2024-09-16 18:49
VLAI?
Title
Tabit - HTTP Method manipulation
Summary
Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection.
Severity ?
4.9 (Medium)
CWE
- HTTP Method manipulation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2022-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:09.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tabit",
"vendor": "Tabit",
"versions": [
{
"lessThan": "3.27.0*",
"status": "affected",
"version": "3.27.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guy Ben Simhon - Noname Security"
}
],
"datePublic": "2022-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 \u2013 Injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP Method manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:41:38.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0045"
],
"discovery": "EXTERNAL"
},
"title": "Tabit - HTTP Method manipulation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-17T11:14:00.000Z",
"ID": "CVE-2022-34773",
"STATE": "PUBLIC",
"TITLE": "Tabit - HTTP Method manipulation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tabit",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.27.0",
"version_value": "3.27.0"
}
]
}
}
]
},
"vendor_name": "Tabit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Guy Ben Simhon - Noname Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 \u2013 Injection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Method manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0045"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-34773",
"datePublished": "2022-08-22T14:41:38.251Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:49:05.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34770 (GCVE-0-2022-34770)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:41 – Updated: 2024-09-17 04:24
VLAI?
Title
Tabit - sensitive information disclosure
Summary
Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number.
Severity ?
4.6 (Medium)
CWE
- sensitive information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2022-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:09.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tabit",
"vendor": "Tabit",
"versions": [
{
"lessThan": "3.27.0*",
"status": "affected",
"version": "3.27.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guy Ben Simhon - Noname Security"
}
],
"datePublic": "2022-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API\u2019s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a \u2018tiny URL\u2019 in Tabit\u2019s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}\u0026healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "sensitive information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:41:16.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0042"
],
"discovery": "EXTERNAL"
},
"title": "Tabit - sensitive information disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-17T11:14:00.000Z",
"ID": "CVE-2022-34770",
"STATE": "PUBLIC",
"TITLE": "Tabit - sensitive information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tabit",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.27.0",
"version_value": "3.27.0"
}
]
}
}
]
},
"vendor_name": "Tabit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Guy Ben Simhon - Noname Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API\u2019s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a \u2018tiny URL\u2019 in Tabit\u2019s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}\u0026healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "sensitive information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0042"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-34770",
"datePublished": "2022-08-22T14:41:16.634Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:24:31.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34771 (GCVE-0-2022-34771)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:40 – Updated: 2024-09-16 20:48
VLAI?
Title
Tabit - arbitrary SMS send on Tabits behalf
Summary
Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP.
Severity ?
5.5 (Medium)
CWE
- arbitrary SMS send on Tabits behalf
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2022-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:09.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tabit",
"vendor": "Tabit",
"versions": [
{
"lessThan": "3.27.0*",
"status": "affected",
"version": "3.27.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guy Ben Simhon - Noname Security"
}
],
"datePublic": "2022-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "arbitrary SMS send on Tabits behalf",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:40:51.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0043"
],
"discovery": "EXTERNAL"
},
"title": "Tabit - arbitrary SMS send on Tabits behalf",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-08-17T11:14:00.000Z",
"ID": "CVE-2022-34771",
"STATE": "PUBLIC",
"TITLE": "Tabit - arbitrary SMS send on Tabits behalf"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tabit",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "3.27.0",
"version_value": "3.27.0"
}
]
}
}
]
},
"vendor_name": "Tabit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Guy Ben Simhon - Noname Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "arbitrary SMS send on Tabits behalf"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.27.0."
}
],
"source": {
"defect": [
"ILVN-2022-0043"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2022-34771",
"datePublished": "2022-08-22T14:40:51.365Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:48:05.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}