GoogleOSV:GHSA-6XC2-MJ39-Q599Strapi allows unauthenticated attacker to reset admin password without valid reset token
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.896 High
EPSS
Percentile
98.7%
Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin’s password without providing a valid password reset token.
Recommendation
Upgrade to version 3.0.0-beta.17.5 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| strapi | lt | 3.0.0-beta.17.5 |
References
packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html
packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html
packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18818
github.com/strapi/strapi
github.com/strapi/strapi/pull/4443
github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5
nvd.nist.gov/vuln/detail/CVE-2019-18818
www.npmjs.com/advisories/1311
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.896 High
EPSS
Percentile
98.7%