Platform: other
Component: tooljet/tooljet
Fixed in: v1.26.1
CVE-2022-3422 is a critical vulnerability affecting Tooljet versions up to v1.26.1. This flaw allows attackers to take control of user accounts through password hash cracking and exploitation of the forgotten password token functionality. Successful exploitation can lead to unauthorized access to sensitive data and system compromise. The vulnerability has been fixed in version v1.26.1.
The core of this vulnerability lies in the insecure handling of password storage and the forgotten password reset process within Tooljet. An attacker can potentially obtain password hashes, which, if cracked, would grant them direct access to user accounts. Furthermore, the forgotten password token mechanism is vulnerable, allowing an attacker to intercept or manipulate tokens to reset passwords and gain control of accounts without user interaction. The blast radius extends to any data accessible within Tooljet, including sensitive business information, user credentials, and potentially integration keys for connected services. This vulnerability is particularly concerning given the increasing sophistication of password cracking techniques and the prevalence of account takeover attacks.
CVE-2022-3422 was publicly disclosed on 2022-10-07. The vulnerability's severity is high due to the potential for complete account takeover. No known active exploitation campaigns have been publicly reported at the time of this writing, but the availability of password cracking tools and the ease of exploiting the forgotten password token mechanism suggest a potential for future exploitation. It is not listed on the CISA KEV catalog as of this writing.
Organizations using Tooljet for data visualization and workflow automation are at risk, particularly those relying on default configurations or lacking robust password policies. Shared hosting environments where multiple Tooljet instances are deployed on the same infrastructure are also at increased risk, as a compromise of one instance could potentially lead to the compromise of others.
• linux / server:
journalctl -u tooljet | grep -i "password reset"
• generic web:
curl -I https://<tooljet_url>/forgot-password
Inspect the response headers for any unusual or unexpected behavior.
• generic web:
grep -r "password_reset_token" /var/log/nginx/access.log
Look for patterns indicating potential token manipulation.
disclosure
Exploit status
EPSS: 0.34% (percentile 57%)
CVSS vector
The primary mitigation for CVE-2022-3422 is to immediately upgrade Tooljet to version v1.26.1 or later. If upgrading is not immediately feasible due to compatibility concerns or downtime requirements, consider implementing temporary workarounds. Review and strengthen password policies, enforcing strong passwords and multi-factor authentication where possible. Monitor Tooljet logs for suspicious activity, particularly related to password reset requests and failed login attempts. While a direct WAF rule is unlikely to prevent the underlying vulnerability, rate limiting password reset requests could help mitigate automated exploitation attempts. There are no specific Sigma or YARA rules readily available for this vulnerability, emphasizing the importance of upgrading.
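The log review and rate-limiting advice above can be turned into a concrete check. The following is an added example, not code from the Tooljet project or from this advisory: it parses nginx combined-format access-log lines (the sample lines are constructed) and flags any source IP that hits the password-reset endpoints three or more times within a 60-second window. The endpoint paths /forgot-password and /reset-password are assumed names, as is the threshold.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample nginx access-log lines (not from a real deployment):
# 203.0.113.5 makes three reset-related requests in under a minute.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Oct/2022:10:00:01 +0000] "POST /forgot-password HTTP/1.1" 200 51 "-" "curl/7.81"
203.0.113.5 - - [07/Oct/2022:10:00:12 +0000] "POST /forgot-password HTTP/1.1" 200 51 "-" "curl/7.81"
198.51.100.7 - - [07/Oct/2022:10:00:20 +0000] "GET /apps HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Oct/2022:10:00:40 +0000] "GET /reset-password?token=PLACEHOLDER_TOKEN HTTP/1.1" 200 51 "-" "curl/7.81"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed endpoint names for the password-reset flow (the advisory's grep
# keys on "password_reset_token" instead; adjust to your deployment).
RESET_PATHS = ("/forgot-password", "/reset-password")

def parse_line(line):
    """Return (ip, datetime, path) for a combined-format line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")

def find_reset_bursts(log_text, max_requests=3, window=timedelta(seconds=60)):
    """Return {ip: count} for IPs with >= max_requests reset-endpoint hits inside `window`."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if path.split("?", 1)[0] in RESET_PATHS:  # ignore query string (token)
            per_ip[ip].append(ts)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # slide the window start forward until it fits within `window`
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= max_requests:
                flagged[ip] = end - start + 1
                break
    return flagged
```

Calling find_reset_bursts(SAMPLE_LOG) on the constructed lines returns {'203.0.113.5': 3}; feed it the real access log and tune max_requests and window to your traffic before alerting on it.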
Upgrade Tooljet to version 1.26.1 or later. This version fixes the privilege management vulnerability that allows account takeover. The update will prevent attackers from accessing sensitive information such as password hashes or password reset tokens.
CVE-2022-3422 is a critical vulnerability in Tooljet versions up to v1.26.1 that allows attackers to take control of user accounts through password hash cracking and forgotten password token exploitation.
You are affected if you are using Tooljet versions prior to v1.26.1. Immediately check your Tooljet version and upgrade if necessary.
The recommended fix is to upgrade Tooljet to version v1.26.1 or later. If immediate upgrade is not possible, implement temporary workarounds like stronger password policies and monitoring.
While no active exploitation campaigns have been publicly reported, the vulnerability's nature and ease of exploitation suggest a potential for future attacks.
Refer to the Tooljet security advisory for detailed information and updates: [https://tooljet.com/security](https://tooljet.com/security)