Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories |
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCD
Published: 2022-08-22T14:42:21.732388Z
Updated: 2024-09-17T04:09:02.934Z
Reserved: 2022-06-29T00:00:00
Link: CVE-2022-34775
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-22T15:15:16.347
Modified: 2024-11-21T07:10:09.667
Link: CVE-2022-34775
Redhat
No data.