CVE-2022-34774 Information

Description

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL was a page where an adversary can modify personal details such as email addresses and phone numbers of a specific user in a restaurant’s loyalty program. Possibly allowing account takeover (the mail can be used to reset password).

Reference

https://www.gov.il/en/departments/faq/cve_advisories