CVE-2022-2037

8.0 HIGH

📋 TL;DR

CVE-2022-2037 is an excessive-attack-surface vulnerability in ToolJet versions prior to v1.16.0: the application served endpoints and functionality that were not needed for normal operation. On its own the issue is mainly a reconnaissance aid; the practical risk is that an attacker can use the unnecessary endpoints to discover and exploit other weaknesses. Any organization running an unpatched ToolJet instance is affected.

💻 Affected Systems

Products:
  • ToolJet
Versions: All versions prior to v1.16.0
Operating Systems: All platforms running ToolJet
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable.

📦 What is this software?

ToolJet is an open-source low-code platform for building internal tools and dashboards. It ships as a Node.js API server with a React front end and is usually deployed with Docker or Kubernetes, which is why the fix below is applied by redeploying the image.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers chain this vulnerability with other exploits to achieve remote code execution, data exfiltration, or complete system compromise.

🟠 Likely Case

Attackers use the exposed endpoints to discover additional vulnerabilities, perform reconnaissance, and potentially gain unauthorized access to application functionality.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure about which endpoints exist.

🌐 Internet-Facing: HIGH - Internet-facing ToolJet instances expose unnecessary attack surface directly to potential attackers.
🏢 Internal Only: MEDIUM - Internal instances still pose risk from insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability exposes endpoints that could be discovered through simple enumeration techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.16.0

Vendor Advisory: https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b

Restart Required: Yes

Instructions:

1. Back up your ToolJet instance (database and any persistent volumes).
2. Update to ToolJet v1.16.0 or later using your deployment method (Docker, Kubernetes, etc.).
3. Restart the ToolJet service.
4. Verify the update was successful (see "How to Verify" below).

🔧 Temporary Workarounds

Network Access Restriction (platforms: all)

Restrict network access to ToolJet instances using firewalls or network security groups, so that only trusted networks (VPN, bastion host, or an allow-listed CIDR range) can reach the service.

Reverse Proxy Configuration (platforms: all)

Place ToolJet behind a reverse proxy and expose only the paths your users actually need, denying everything else by default, so that endpoints the application does not need to serve never reach it.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to ToolJet instances
  • Deploy web application firewall (WAF) with rules to block suspicious endpoint enumeration

🔍 How to Verify

Check if Vulnerable:

Check ToolJet version via web interface or API. Versions below 1.16.0 are vulnerable.

Check Version:

docker exec <tooljet-container> node -p "require('./package.json').version"

The command prints the version field from the ToolJet package.json inside the running container; adjust the path if your image uses a different working directory. For a non-container install, run the same node command from the ToolJet checkout directory.

Verify Fix Applied:

Verify ToolJet version is 1.16.0 or higher and test that unnecessary endpoints are no longer exposed.
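As an added example (not code from the original page or from the ToolJet project), the helper below normalizes version strings as they come out of package.json or the UI (with or without a leading "v", with an optional suffix, possibly with only two components) and compares them against the fixed release. The container name and the package.json path in read_container_version are assumptions for illustration; the comparison itself is plain tuple ordering.

```python
import re
import subprocess
from typing import Tuple

# First release that contains the fix for CVE-2022-2037.
FIXED_VERSION = (1, 16, 0)


def parse_version(raw: str) -> Tuple[int, ...]:
    """Turn 'v1.15.3', '1.16.0-ee', ' 1.12\\n' etc. into an int tuple.

    Only the leading dotted numeric part is compared; any suffix after it
    (build tag, edition marker) is ignored. Missing components are padded
    with zeros so '1.16' compares as (1, 16, 0).
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", raw)
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(raw: str) -> bool:
    """True if the given ToolJet version is older than v1.16.0."""
    return parse_version(raw) < FIXED_VERSION


def read_container_version(container: str = "tooljet-container",
                           package_json: str = "./package.json") -> str:
    """Read the version field from package.json inside a running container.

    Assumption: the container name and the location of package.json match
    your deployment; adjust both if they do not.
    """
    out = subprocess.run(
        ["docker", "exec", container, "node", "-p",
         f"require('{package_json}').version"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    version = read_container_version()
    state = "VULNERABLE" if is_vulnerable(version) else "patched"
    print(f"ToolJet {version}: {state}")
```

Run it on the host where the container lives; a non-zero exit from docker exec (container not found, node missing) is raised as CalledProcessError rather than silently reported as "patched".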

📡 Detection & Monitoring

Log Indicators:

  • Unusual endpoint access patterns
  • Bursts of 404 or 403 responses to a single source address, which is what path enumeration looks like
  • Access to deprecated or internal endpoints

Network Indicators:

  • Unusual HTTP request patterns to ToolJet endpoints
  • Port scanning or service enumeration against ToolJet instances

SIEM Query:

source="tooljet" (status=404 OR status=403)
| stats count AS err_count, dc(uri_path) AS distinct_paths BY src_ip
| where err_count > 50

The threshold (50 here) is a placeholder; tune it to your baseline, and tie the search to a short time window (for example a 5-minute span) so that a slow scan over a day is not hidden by low hourly counts.
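The same detection logic, run offline over access-log lines, as an added example that is not part of the original page. The sample lines are constructed for the example in nginx "combined" format (the IPs come from documentation ranges and the request paths are made up); the threshold of 5 errors inside a 60-second sliding window is an assumed starting point, not a vendor recommendation.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample access log (nginx 'combined' format). One source probes
# six non-existent/forbidden paths within seconds; one is an ordinary user
# with a single favicon 404; one touches a single path slowly over 10 minutes.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2022:10:00:01 +0000] "GET /api/v1/internal HTTP/1.1" 404 0 "-" "curl/7.79.1"
203.0.113.7 - - [12/Jun/2022:10:00:02 +0000] "GET /api/debug HTTP/1.1" 404 0 "-" "curl/7.79.1"
203.0.113.7 - - [12/Jun/2022:10:00:02 +0000] "GET /api/admin HTTP/1.1" 403 0 "-" "curl/7.79.1"
203.0.113.7 - - [12/Jun/2022:10:00:03 +0000] "GET /api/config HTTP/1.1" 404 0 "-" "curl/7.79.1"
203.0.113.7 - - [12/Jun/2022:10:00:04 +0000] "GET /api/metrics HTTP/1.1" 403 0 "-" "curl/7.79.1"
203.0.113.7 - - [12/Jun/2022:10:00:05 +0000] "GET /api/export HTTP/1.1" 404 0 "-" "curl/7.79.1"
198.51.100.4 - - [12/Jun/2022:10:00:05 +0000] "GET /applications HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Jun/2022:10:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jun/2022:10:01:00 +0000] "GET /api/old HTTP/1.1" 404 0 "-" "python-requests/2.28"
192.0.2.10 - - [12/Jun/2022:10:05:00 +0000] "GET /api/old HTTP/1.1" 404 0 "-" "python-requests/2.28"
192.0.2.10 - - [12/Jun/2022:10:09:00 +0000] "GET /api/old HTTP/1.1" 404 0 "-" "python-requests/2.28"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ENUM_STATUSES = {403, 404}


def parse_errors(log_text: str) -> Dict[str, List[Tuple[datetime, str]]]:
    """Group 403/404 events by source IP as (timestamp, path) pairs."""
    events: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or int(m["status"]) not in ENUM_STATUSES:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events[m["ip"]].append((ts, m["path"]))
    return events


def find_enumerators(log_text: str, threshold: int = 5,
                     window_seconds: int = 60) -> Dict[str, dict]:
    """Flag IPs that produced >= threshold 403/404s inside any sliding window.

    A sliding window rather than a per-hour bucket means a burst that straddles
    a bucket boundary is still caught. Returns {ip: {count, paths}}.
    """
    window = timedelta(seconds=window_seconds)
    hits: Dict[str, dict] = {}
    for ip, evs in parse_errors(log_text).items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = {
                    "count": len(evs),
                    "paths": sorted({p for _, p in evs}),
                }
                break
    return hits


if __name__ == "__main__":
    for ip, info in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {info['count']} errors, probed {info['paths']}")
```

The distinct-path list is the useful triage signal: a real user hitting one stale bookmark produces many errors on one path, while enumeration produces errors across many paths.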

🔗 References

  • Fix commit: https://github.com/tooljet/tooljet/commit/fadf025365823cbbc739a1313791c0a04621972b
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-2037
