CVE-2020-13961

EPSS 0.62%
Veröffentlicht 19.06.2020 17:15:14
Zuletzt bearbeitet 21.11.2024 05:02:14
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Strapi ≫ Strapi Version < 3.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.691

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://exchange.xforce.ibmcloud.com/vulnerabilities/183045

Third Party Advisory

VDB Entry

https://github.com/strapi/strapi/pull/6599

Third Party Advisory

https://github.com/strapi/strapi/releases/tag/v3.0.2

Third Party Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-13961

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13961

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13961

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-13961