Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2022-08-22T14:42:21.732388Z

Updated: 2024-09-17T04:09:02.934Z

Reserved: 2022-06-29T00:00:00

Link: CVE-2022-34775

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-22T15:15:16.347

Modified: 2024-11-21T07:10:09.667

Link: CVE-2022-34775

cve-icon Redhat

No data.