CVE-2022-34774 MEDIUM

CVE-2022-34774: Tabit - Arbitrary account modification

Vendor Tabit
Product Tabit
Published August 22, 2022
Last update September 17, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL was a page where an adversary can modify personal details, such as the email address and phone number, of a specific user in a restaurant's loyalty program. This possibly allows account takeover (the email address can be used to reset the password).

Key dates

02 Disclosure timeline

August 22, 2022 CVE published
September 17, 2024 Record updated