CVE-2019-18818

Exploit

EPSS 94.05%
Veröffentlicht 07.11.2019 22:15:10
Zuletzt bearbeitet 21.11.2024 04:33:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Strapi ≫ Strapi Version <= 1.6.4

Strapi ≫ Strapi Version3.0.0 Updatealpha10.1

Strapi ≫ Strapi Version3.0.0 Updatealpha10.2

Strapi ≫ Strapi Version3.0.0 Updatealpha10.3

Strapi ≫ Strapi Version3.0.0 Updatealpha11

Strapi ≫ Strapi Version3.0.0 Updatealpha11.1

Strapi ≫ Strapi Version3.0.0 Updatealpha11.2

Strapi ≫ Strapi Version3.0.0 Updatealpha11.3

Strapi ≫ Strapi Version3.0.0 Updatealpha12

Strapi ≫ Strapi Version3.0.0 Updatealpha12.1

Strapi ≫ Strapi Version3.0.0 Updatealpha12.1.3

Strapi ≫ Strapi Version3.0.0 Updatealpha12.2

Strapi ≫ Strapi Version3.0.0 Updatealpha12.3

Strapi ≫ Strapi Version3.0.0 Updatealpha12.4

Strapi ≫ Strapi Version3.0.0 Updatealpha12.5

Strapi ≫ Strapi Version3.0.0 Updatealpha12.6

Strapi ≫ Strapi Version3.0.0 Updatealpha12.7

Strapi ≫ Strapi Version3.0.0 Updatealpha12.7.1

Strapi ≫ Strapi Version3.0.0 Updatealpha13

Strapi ≫ Strapi Version3.0.0 Updatealpha13.0.1

Strapi ≫ Strapi Version3.0.0 Updatealpha13.1

Strapi ≫ Strapi Version3.0.0 Updatealpha14

Strapi ≫ Strapi Version3.0.0 Updatealpha14.1

Strapi ≫ Strapi Version3.0.0 Updatealpha14.1.1

Strapi ≫ Strapi Version3.0.0 Updatealpha14.2

Strapi ≫ Strapi Version3.0.0 Updatealpha14.3

Strapi ≫ Strapi Version3.0.0 Updatealpha14.4.0

Strapi ≫ Strapi Version3.0.0 Updatealpha14.5

Strapi ≫ Strapi Version3.0.0 Updatealpha15

Strapi ≫ Strapi Version3.0.0 Updatealpha16

Strapi ≫ Strapi Version3.0.0 Updatealpha17

Strapi ≫ Strapi Version3.0.0 Updatealpha18

Strapi ≫ Strapi Version3.0.0 Updatealpha19

Strapi ≫ Strapi Version3.0.0 Updatealpha20

Strapi ≫ Strapi Version3.0.0 Updatealpha21

Strapi ≫ Strapi Version3.0.0 Updatealpha22

Strapi ≫ Strapi Version3.0.0 Updatealpha23

Strapi ≫ Strapi Version3.0.0 Updatealpha23.1

Strapi ≫ Strapi Version3.0.0 Updatealpha24

Strapi ≫ Strapi Version3.0.0 Updatealpha24.1

Strapi ≫ Strapi Version3.0.0 Updatealpha25

Strapi ≫ Strapi Version3.0.0 Updatealpha25.1

Strapi ≫ Strapi Version3.0.0 Updatealpha25.2

Strapi ≫ Strapi Version3.0.0 Updatealpha26

Strapi ≫ Strapi Version3.0.0 Updatealpha26.1

Strapi ≫ Strapi Version3.0.0 Updatealpha26.2

Strapi ≫ Strapi Version3.0.0 Updatealpha4

Strapi ≫ Strapi Version3.0.0 Updatealpha4.8

Strapi ≫ Strapi Version3.0.0 Updatealpha5.3

Strapi ≫ Strapi Version3.0.0 Updatealpha5.5

Strapi ≫ Strapi Version3.0.0 Updatealpha6.3

Strapi ≫ Strapi Version3.0.0 Updatealpha6.4

Strapi ≫ Strapi Version3.0.0 Updatealpha6.7

Strapi ≫ Strapi Version3.0.0 Updatealpha7.2

Strapi ≫ Strapi Version3.0.0 Updatealpha7.3

Strapi ≫ Strapi Version3.0.0 Updatealpha8

Strapi ≫ Strapi Version3.0.0 Updatealpha8.3

Strapi ≫ Strapi Version3.0.0 Updatealpha9

Strapi ≫ Strapi Version3.0.0 Updatealpha9.1

Strapi ≫ Strapi Version3.0.0 Updatealpha9.2

Strapi ≫ Strapi Version3.0.0 Updatebeta0

Strapi ≫ Strapi Version3.0.0 Updatebeta1

Strapi ≫ Strapi Version3.0.0 Updatebeta10

Strapi ≫ Strapi Version3.0.0 Updatebeta11

Strapi ≫ Strapi Version3.0.0 Updatebeta12

Strapi ≫ Strapi Version3.0.0 Updatebeta13

Strapi ≫ Strapi Version3.0.0 Updatebeta14

Strapi ≫ Strapi Version3.0.0 Updatebeta15

Strapi ≫ Strapi Version3.0.0 Updatebeta16

Strapi ≫ Strapi Version3.0.0 Updatebeta16.1

Strapi ≫ Strapi Version3.0.0 Updatebeta16.2

Strapi ≫ Strapi Version3.0.0 Updatebeta16.3

Strapi ≫ Strapi Version3.0.0 Updatebeta16.4

Strapi ≫ Strapi Version3.0.0 Updatebeta16.5

Strapi ≫ Strapi Version3.0.0 Updatebeta16.6

Strapi ≫ Strapi Version3.0.0 Updatebeta16.7

Strapi ≫ Strapi Version3.0.0 Updatebeta16.8

Strapi ≫ Strapi Version3.0.0 Updatebeta17

Strapi ≫ Strapi Version3.0.0 Updatebeta17.1

Strapi ≫ Strapi Version3.0.0 Updatebeta17.2

Strapi ≫ Strapi Version3.0.0 Updatebeta17.3

Strapi ≫ Strapi Version3.0.0 Updatebeta17.4

Strapi ≫ Strapi Version3.0.0 Updatebeta2

Strapi ≫ Strapi Version3.0.0 Updatebeta3

Strapi ≫ Strapi Version3.0.0 Updatebeta4

Strapi ≫ Strapi Version3.0.0 Updatebeta5

Strapi ≫ Strapi Version3.0.0 Updatebeta6

Strapi ≫ Strapi Version3.0.0 Updatebeta7

Strapi ≫ Strapi Version3.0.0 Updatebeta8

Strapi ≫ Strapi Version3.0.0 Updatebeta9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.05%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html

Third Party Advisory

Exploit

VDB Entry

http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html

Third Party Advisory

Exploit

VDB Entry

https://github.com/strapi/strapi/pull/4443

Third Party Advisory

https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5

Third Party Advisory

Release Notes

https://www.npmjs.com/advisories/1311

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18818

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18818

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18818

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-18818