cvedb.io
CVE-2022-34775
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2022-08-22T15:15:16.347 · Last modified 2026-06-17T04:50:54.287

Summary

Tabit - Excessive data exposure. Another endpoint mapped by the tiny URL was one for reservation cancellation, containing the MongoDB ID of the reservation and the organization. These IDs can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API, which returns a lot of data regarding the reservation (OWASP: API3): name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit, etc. This information can easily be used for a phishing attack.

Affected products

tabit — tabit

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.