Lucene search
K

686 matches found

Veracode
Veracode
added 2019/11/08 7:10 a.m.27 views

Privilege Escalation

strapi is vulnerable to privilege escalation. The password reset function allows an attacker to reset any user's password and gain access to the application...

9.8CVSS4.6AI score0.97639EPSS
Exploits13References6Affected Software1
NVD
NVD
added 2019/11/07 10:15 p.m.16 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.8CVSS9.6AI score0.97639EPSS
Exploits13References6
OSV
OSV
added 2019/11/07 10:15 p.m.22 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.8CVSS6.9AI score
Exploits0References6
Prion
Prion
added 2019/11/07 10:15 p.m.21 views

Default credentials

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

7.5CVSS9.5AI score0.97639EPSS
Exploits13References6Affected Software1
Cvelist
Cvelist
added 2019/11/07 9:2 p.m.27 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.6AI score0.97639EPSS
Exploits13References6
CVE
CVE
added 2019/11/07 9:2 p.m.424 views

CVE-2019-18818

The CVE-2019-18818 vulnerability affects Strapi CMS versions up to 3.0.0-beta.17.5, caused by a mishandling of password resets in admin/Auth.js and users-permissions/Auth.js. This leads to an unauthenticated admin password reset and privilege escalation, enabling unauthorized admin access. Remedi...

9.8CVSS9.3AI score0.97639EPSS
In wildExploits13References6Affected Software1
Rows per page
Query Builder