CVE-2018-20345
CVE-2018-20345 describes an incorrect access-control flaw in the StackStorm StackStorm API (st2api). Before 2.9.2 and before 2.10.1 (in 2.10.x), an authenticated StackStorm user could query datastore items for other users via /v1/keys with parameters ?scope=all and ?user=. Enterprise editions wit...