CVE-2022-34775
CVE-2022-34775 is a high-severity vulnerability rated 7.5/10 on the CVSS scale: an excessive data exposure issue in Tabit. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
Tabit - Excessive data exposure. Another endpoint mapped by the tiny URL was the one for reservation cancellation, which contained the MongoDB ID of the reservation and the organization. These two values can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API, which returns a large amount of data about the reservation (OWASP API3: Excessive Data Exposure): name, email, phone number, the number of visits by the user to this specific restaurant, the money spent there, the money spent on alcohol, whether a deposit was left, etc. This information can easily be used for a phishing attack.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tabit | Tabit | < 3.27.0 |
References
- https://www.gov.il/en/departments/faq/cve_advisories (Third Party Advisory)
Source: NVD / NIST
