{"vulnerability": "CVE-2022-23067", "sightings": [{"uuid": "7c344921-104f-431c-92e9-2b7ba375ee82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23067", "type": "seen", "source": "https://t.me/cibsecurity/42911", "content": "\u203c CVE-2022-23067 \u203c\n\nToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user\u2019s account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T18:28:37.000000Z"}]}