{"vulnerability": "CVE-2022-2306", "sightings": [{"uuid": "7c344921-104f-431c-92e9-2b7ba375ee82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23067", "type": "seen", "source": "https://t.me/cibsecurity/42911", "content": "\u203c CVE-2022-23067 \u203c\n\nToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user\u2019s account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T18:28:37.000000Z"}, {"uuid": "3bd74345-6c61-4f4b-9ff9-577f17827b24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23064", "type": "seen", "source": "https://t.me/itsec_news/625", "content": "\u200b\u2709\ufe0f A critical Snipe-IT vulnerability is being used to send trap e-mails.\n\n\ud83d\udcac The developers have fixed a critical vulnerability in Snipe-IT. 
It allowed malicious password reset requests to be sent to users. Snipe-IT is a cloud project by the company Grokability. The popular system was developed as a replacement for Excel spreadsheets and has about 3.4 million users and more than 6.7 million managed assets.\n\nOn May 2 the project disclosed the critical vulnerability CVE-2022-23064 with a CVSS rating of 8.8. The vulnerability is described as a host header injection. 
Host header problems arise from insecure handling of server-side communication and can lead to various issues, including web cache poisoning, server-side request forgery (SSRF) or SQL injection attacks. 
In the case of Snipe-IT, CVE-2022-23064 allowed attackers to send forged host headers to the system's password reset function.\n\nVictims were sent password reset links that redirected to an attacker-controlled server. 
The developers state that after this the password reset tokens can be stolen, followed by the user's account.\n\n#SnipeIT #Vulnerability\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-05-06T16:38:12.000000Z"}, {"uuid": "de5d2983-871e-47be-a456-3a0debed3397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23068", "type": "seen", "source": "https://t.me/cibsecurity/42908", "content": "\u203c CVE-2022-23068 \u203c\n\nToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T18:28:33.000000Z"}, {"uuid": "c2a00fea-9cc4-4280-8474-7f59c27d159c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23066", "type": "seen", "source": "https://t.me/cibsecurity/42167", "content": "\u203c CVE-2022-23066 \u203c\n\nIn Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of the sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. 
For example, the result of an sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects both integrity and may cause serious availability problems.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-09T12:31:06.000000Z"}, {"uuid": "0401919f-e69d-4e91-b304-56d456c64663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23063", "type": "seen", "source": "https://t.me/cibsecurity/41793", "content": "\u203c CVE-2022-23063 \u203c\n\nIn Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in will still have access to the application even after the password was changed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T12:28:32.000000Z"}, {"uuid": "93ea8c34-9ef0-4210-a0ca-32cbf38afb57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23065", "type": "seen", "source": "https://t.me/cibsecurity/41717", "content": "\u203c CVE-2022-23065 \u203c\n\nIn Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload an SVG file that contains malicious JavaScript into the \u201cAssets\u201d tab. 
The uploaded file will affect administrators as well as regular users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-02T16:27:52.000000Z"}, {"uuid": "6beec4e0-d825-47f6-9b8d-ba0eefd87df3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23064", "type": "seen", "source": "https://t.me/cibsecurity/41714", "content": "\u203c CVE-2022-23064 \u203c\n\nIn Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-02T16:27:48.000000Z"}, {"uuid": "cdf7e5ee-a8aa-43ab-b78b-ded32e5e0adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23061", "type": "seen", "source": "https://t.me/cibsecurity/41699", "content": "\u203c CVE-2022-23061 \u203c\n\nIn Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-01T16:26:56.000000Z"}, {"uuid": "418b655a-66d4-4b5e-b151-e160ccf0c362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23060", "type": "seen", "source": "https://t.me/cibsecurity/41697", "content": "\u203c CVE-2022-23060 \u203c\n\nA Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 
through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the \u201cManage files\u201d tab.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-01T16:26:53.000000Z"}]}