CVE-2022-34775

Name of the Vulnerable Software and Affected Versions Tabit (affected versions not specified)

Description The issue concerns excessive data exposure through an API endpoint. Specifically, the endpoint for reservation cancellation contains the MongoDB ID of the reservation and organization, which can be used to query the "http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId}" API endpoint. This endpoint returns sensitive information about the reservation, including name, email, phone number, visit history, spending habits, and deposit details. This information can be exploited for phishing attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.