CVE-2019-18818 (GCVE-0-2019-18818)

Vulnerability from cvelistv5 – Published: 2019-11-07 21:02 – Updated: 2024-08-05 02:02
VLAI?
Summary
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:39.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/strapi/strapi/pull/4443"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.npmjs.com/advisories/1311"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-08T18:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/strapi/strapi/pull/4443"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.npmjs.com/advisories/1311"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/strapi/strapi/pull/4443",
              "refsource": "MISC",
              "url": "https://github.com/strapi/strapi/pull/4443"
            },
            {
              "name": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5",
              "refsource": "MISC",
              "url": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5"
            },
            {
              "name": "https://www.npmjs.com/advisories/1311",
              "refsource": "MISC",
              "url": "https://www.npmjs.com/advisories/1311"
            },
            {
              "name": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18818",
    "datePublished": "2019-11-07T21:02:58",
    "dateReserved": "2019-11-07T00:00:00",
    "dateUpdated": "2024-08-05T02:02:39.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6.4\", \"matchCriteriaId\": \"A97983D3-FFBA-485E-8496-6489A9074853\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E72C7A0-197D-4324-BBB4-663223C52C7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"954FDA03-9914-42DC-9AF0-81CB69BD0442\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B4D7C63-F071-4572-BD81-65ABCA693A8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha11:*:*:*:*:*:*\", \"matchCriteriaId\": \"003189F7-77BD-416F-A253-C808E7E38A11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1DDFD47-7C0A-447F-9A34-F7690B28A4B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3EA2B22-E04D-48FB-8BD9-9CD66598346A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F39E9F5-8AEE-4E26-A084-1BF813A65FFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12:*:*:*:*:*:*\", \"matchCriteriaId\": \"31EC2516-DA0E-4710-AB98-11E1081764DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"62C28A62-C16D-47D6-9D56-2B236287CBF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"D000CAF1-B033-4CF6-B6B4-1A9C10239886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C424AFC4-3DBA-4F69-A030-6B143ADEAE13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B8C9E2B-58B7-4938-BF34-BB2E4322F53F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE6F7CA0-11AE-45F0-B1AA-034A32CC0C5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3747021-429C-4D16-A740-A9C69FA06561\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E76C452-5545-4495-A671-4207A3DFE710\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D493E54-F8BE-470D-B78C-EF2E48645BEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"11C6D99B-67E0-4828-A812-EA987D585C75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha13:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6D0EA14-3E88-491D-9522-5F9F2F968329\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"38DF3333-7B40-41A1-8C1A-EE644867193C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECC59C0A-60C1-4DC7-B127-D512271DA491\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha14:*:*:*:*:*:*\", \"matchCriteriaId\": \"17CA9542-43DC-4D7D-A159-D7D56639EE46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1826129C-FF15-4422-97CA-F383E6F86B36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"95509917-C33A-43C1-9043-D9618884FDF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF2A7C5-F97C-447B-977D-243321CD807D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A4DF814-73F9-4D04-87BD-03839E7E5BD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0:*:*:*:*:*:*\", \"matchCriteriaId\": \"4198B34C-CFE0-46AD-A2D6-926F5A037759\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5:*:*:*:*:*:*\", \"matchCriteriaId\": \"76B25EF2-EFB6-4626-AC51-209523A1342E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha15:*:*:*:*:*:*\", \"matchCriteriaId\": \"D15150B6-8B20-496A-BD97-F598E2C243AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha16:*:*:*:*:*:*\", \"matchCriteriaId\": \"39C8378E-BBFC-48D0-B69B-ED034BAA100C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha17:*:*:*:*:*:*\", \"matchCriteriaId\": \"006A3591-8908-4B9A-A3BA-C2136FC6B009\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha18:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E85C03D-DA48-4F2D-A995-0FC82B61327D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha19:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F314776-5157-488E-B7A8-B074BC31CC63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha20:*:*:*:*:*:*\", \"matchCriteriaId\": \"80EF6FFD-318D-42C7-A5E0-FD2B9E561F68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha21:*:*:*:*:*:*\", \"matchCriteriaId\": \"B46002D9-0AD1-48F2-9CE0-6ECD2AE166DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha22:*:*:*:*:*:*\", \"matchCriteriaId\": \"5184E9EB-396B-412D-88F5-A852F8D74289\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha23:*:*:*:*:*:*\", \"matchCriteriaId\": \"149771DC-DE72-43DB-9B5C-3717B7078FB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A67962C-D35B-408A-BD74-0B4647B81A23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha24:*:*:*:*:*:*\", \"matchCriteriaId\": \"31083AE3-3D91-4F23-AE4C-2EB08FF4BAF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"651B10C1-918E-4F6C-970B-45FA9DDE83E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha25:*:*:*:*:*:*\", \"matchCriteriaId\": \"20A37EAD-A610-450B-8DC2-A8208200E641\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"836A2C35-38D8-4ED6-B87D-2003C2F3A445\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4153D69D-D158-4AFF-9936-A944B0F7F8E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha26:*:*:*:*:*:*\", \"matchCriteriaId\": \"09EA2597-2BA4-4747-9B52-E4E713594A00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"19C9D4D8-978A-431C-B39C-80AB7B22D7D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9423DAF3-6295-4B9D-9B99-CAA9EE698548\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha4:*:*:*:*:*:*\", \"matchCriteriaId\": \"021CE25F-44BD-403C-89EB-91127319B7B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8:*:*:*:*:*:*\", \"matchCriteriaId\": \"54039D06-9AE2-4B83-A7D4-80177A3A5F56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"98503595-C247-499B-8654-424004FAA263\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EE84452-19EC-41BE-9075-D48FA4BFD230\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"01E106C1-EF1B-4768-AB51-19FEA9597558\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4:*:*:*:*:*:*\", \"matchCriteriaId\": \"61CE8F6A-7D01-45EE-8EB9-39AE0D2BDB09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7:*:*:*:*:*:*\", \"matchCriteriaId\": \"73C9DB4F-266C-4180-A1C1-8DA14854B52C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"07D25069-D60A-4E25-9817-575F555AE176\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1377CFAD-6C86-4A7B-AEDC-26ACBE6C4AC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha8:*:*:*:*:*:*\", \"matchCriteriaId\": \"7066F2B2-B0B1-4922-972A-F0B8963FC594\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD5E0CEF-E30E-4828-891B-056A7FC29951\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha9:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA634AA2-114D-4D9D-8829-BD8ADA617F71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0321315F-1AE4-4EB8-B701-094196E14689\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"77710B2A-4AA6-4F2A-80DB-BEF3C08AC628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta0:*:*:*:*:*:*\", \"matchCriteriaId\": \"43D725A4-1141-4A1E-910A-F458D5FBDF7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9267A380-DAAE-4867-A40D-8CA2B15249CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta10:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C52DD2F-1E79-4C8D-8842-E3DA892D72FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta11:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A770C55-AA10-4BA9-954F-6F94FCDE6D77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta12:*:*:*:*:*:*\", \"matchCriteriaId\": \"A11F1B45-461B-407B-A0C0-D53D17D33427\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta13:*:*:*:*:*:*\", \"matchCriteriaId\": \"878188D2-C6B0-4BA5-A920-7A8743BA1352\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta14:*:*:*:*:*:*\", \"matchCriteriaId\": \"474D3C4C-C5D6-400C-9543-7E42CB6DB3D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta15:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B86604F-2CCD-49FA-9DE5-C9229F268E28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F5E4719-B67D-475B-83C7-EF9989A349A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"66370EFF-1BE1-4641-8ADA-00851D335129\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6280EBB-A0AE-477E-A49B-380D1C873E25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FA48F7B-3B19-462A-86FC-1BAB0400D401\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.4:*:*:*:*:*:*\", \"matchCriteriaId\": \"35259067-83E2-472E-85F8-15A1201ACE4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.5:*:*:*:*:*:*\", \"matchCriteriaId\": \"958DC7DA-9FAC-4BDD-B159-26663BCB4651\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.6:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1F9EAB9-7BF7-43F4-84CF-11647C8707F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.7:*:*:*:*:*:*\", \"matchCriteriaId\": \"772C39A2-EFD9-442F-B5B5-9AE9E216247C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta16.8:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C3A062D-48B0-4FB0-9B9B-D446D315AD93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta17:*:*:*:*:*:*\", \"matchCriteriaId\": \"01A38D6B-0D09-4FC0-B836-1304F61268B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta17.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"490B0120-D1B7-4C8B-B398-2485291E9E5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta17.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"34715564-49B1-4616-99B3-E3B11CF9564D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta17.3:*:*:*:*:*:*\", \"matchCriteriaId\": \"875D15CF-0BCA-43B7-8E78-BD82DED81BE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta17.4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D5CD7D3-21B1-452F-8822-47CC9CA8BBE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C19783B-FD71-448A-9837-9CC185FAEE95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C191BC7-1324-4D3D-8EC1-CA6B1A937AD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BD64614-E236-4556-963E-35089BB4BB93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF9D8992-E2A7-4D51-9CAC-151D99937A66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta6:*:*:*:*:*:*\", \"matchCriteriaId\": \"88B2D61F-5348-49C1-B35E-B52B960EEC68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta7:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B5FAD26-9C56-4A7C-A158-648CBEE44F5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta8:*:*:*:*:*:*\", \"matchCriteriaId\": \"291A1ED4-786C-4917-8998-2308E31C8E30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:strapi:strapi:3.0.0:beta9:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAC43D60-CFF5-4FA9-9CE3-CFC6825EEAA7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.\"}, {\"lang\": \"es\", \"value\": \"strapi versiones anteriores a 3.0.0-beta.17.5, maneja inapropiadamente los restablecimientos de contrase\\u00f1a dentro de los archivos packages/strapi-admin/controllers/Auth.js y packages/strapi-plugin-users-permissions/controllers/Auth.js.\"}]",
      "id": "CVE-2019-18818",
      "lastModified": "2024-11-21T04:33:38.113",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-07T22:15:10.570",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/strapi/strapi/pull/4443\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://www.npmjs.com/advisories/1311\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/strapi/strapi/pull/4443\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://www.npmjs.com/advisories/1311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-640\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-18818\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-11-07T22:15:10.570\",\"lastModified\":\"2024-11-21T04:33:38.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.\"},{\"lang\":\"es\",\"value\":\"strapi versiones anteriores a 3.0.0-beta.17.5, maneja inapropiadamente los restablecimientos de contrase\u00f1a dentro de los archivos packages/strapi-admin/controllers/Auth.js y packages/strapi-plugin-users-permissions/controllers/Auth.js.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-640\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.4\",\"matchCriteriaId\":\"A97983D3-FFBA-485E-8496-6489A9074853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E72C7A0-197D-4324-BBB4-663223C52C7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"954FDA03-9914-42DC-9AF0-81CB69BD0442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4D7C63-F071-4572-BD81-65ABCA693A8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11:*:*:*:*:*:*\",\"matchCriteriaId\":\"003189F7-77BD-416F-A253-C808E7E38A11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1DDFD47-7C0A-447F-9A34-F7690B28A4B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EA2B22-E04D-48FB-8BD9-9CD66598346A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F39E9F5-8AEE-4E26-A084-1BF813A65FFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EC2516-DA0E-4710-AB98-11E1081764DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62C28A62-C16D-47D6-9D56-2B236287CBF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D000CAF1-B033-4CF6-B6B4-1A9C10239886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C424AFC4-3DBA-4F69-A030-6B143ADEAE13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B8C9E2B-58B7-4938-BF34-BB2E4322F53F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE6F7CA0-11AE-45F0-B1AA-034A32CC0C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3747021-429C-4D16-A740-A9C69FA06561\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E76C452-5545-4495-A671-4207A3DFE710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D493E54-F8BE-470D-B78C-EF2E48645BEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"11C6D99B-67E0-4828-A812-EA987D585C75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha13:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D0EA14-3E88-491D-9522-5F9F2F968329\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"38DF3333-7B40-41A1-8C1A-EE644867193C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC59C0A-60C1-4DC7-B127-D512271DA491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14:*:*:*:*:*:*\",\"matchCriteriaId\":\"17CA9542-43DC-4D7D-A159-D7D56639EE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1826129C-FF15-4422-97CA-F383E6F86B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"95509917-C33A-43C1-9043-D9618884FDF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF2A7C5-F97C-447B-977D-243321CD807D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A4DF814-73F9-4D04-87BD-03839E7E5BD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"4198B34C-CFE0-46AD-A2D6-926F5A037759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"76B25EF2-EFB6-4626-AC51-209523A1342E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha15:*:*:*:*:*:*\",\"matchCriteriaId\":\"D15150B6-8B20-496A-BD97-F598E2C243AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha16:*:*:*:*:*:*\",\"matchCriteriaId\":\"39C8378E-BBFC-48D0-B69B-ED034BAA100C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha17:*:*:*:*:*:*\",\"matchCriteriaId\":\"006A3591-8908-4B9A-A3BA-C2136FC6B009\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha18:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E85C03D-DA48-4F2D-A995-0FC82B61327D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha19:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F314776-5157-488E-B7A8-B074BC31CC63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha20:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EF6FFD-318D-42C7-A5E0-FD2B9E561F68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B46002D9-0AD1-48F2-9CE0-6ECD2AE166DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha22:*:*:*:*:*:*\",\"matchCriteriaId\":\"5184E9EB-396B-412D-88F5-A852F8D74289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha23:*:*:*:*:*:*\",\"matchCriteriaId\":\"149771DC-DE72-43DB-9B5C-3717B7078FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A67962C-D35B-408A-BD74-0B4647B81A23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha24:*:*:*:*:*:*\",\"matchCriteriaId\":\"31083AE3-3D91-4F23-AE4C-2EB08FF4BAF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"651B10C1-918E-4F6C-970B-45FA9DDE83E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha25:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A37EAD-A610-450B-8DC2-A8208200E641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"836A2C35-38D8-4ED6-B87D-2003C2F3A445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4153D69D-D158-4AFF-9936-A944B0F7F8E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha26:*:*:*:*:*:*\",\"matchCriteriaId\":\"09EA2597-2BA4-4747-9B52-E4E713594A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"19C9D4D8-978A-431C-B39C-80AB7B22D7D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9423DAF3-6295-4B9D-9B99-CAA9EE698548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"021CE25F-44BD-403C-89EB-91127319B7B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8:*:*:*:*:*:*\",\"matchCriteriaId\":\"54039D06-9AE2-4B83-A7D4-80177A3A5F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"98503595-C247-499B-8654-424004FAA263\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE84452-19EC-41BE-9075-D48FA4BFD230\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E106C1-EF1B-4768-AB51-19FEA9597558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"61CE8F6A-7D01-45EE-8EB9-39AE0D2BDB09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"73C9DB4F-266C-4180-A1C1-8DA14854B52C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"07D25069-D60A-4E25-9817-575F555AE176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1377CFAD-6C86-4A7B-AEDC-26ACBE6C4AC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha8:*:*:*:*:*:*\",\"matchCriteriaId\":\"7066F2B2-B0B1-4922-972A-F0B8963FC594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD5E0CEF-E30E-4828-891B-056A7FC29951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha9:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA634AA2-114D-4D9D-8829-BD8ADA617F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0321315F-1AE4-4EB8-B701-094196E14689\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"77710B2A-4AA6-4F2A-80DB-BEF3C08AC628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta0:*:*:*:*:*:*\",\"matchCriteriaId\":\"43D725A4-1141-4A1E-910A-F458D5FBDF7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9267A380-DAAE-4867-A40D-8CA2B15249CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta10:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C52DD2F-1E79-4C8D-8842-E3DA892D72FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A770C55-AA10-4BA9-954F-6F94FCDE6D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta12:*:*:*:*:*:*\",\"matchCriteriaId\":\"A11F1B45-461B-407B-A0C0-D53D17D33427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta13:*:*:*:*:*:*\",\"matchCriteriaId\":\"878188D2-C6B0-4BA5-A920-7A8743BA1352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta14:*:*:*:*:*:*\",\"matchCriteriaId\":\"474D3C4C-C5D6-400C-9543-7E42CB6DB3D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta15:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B86604F-2CCD-49FA-9DE5-C9229F268E28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F5E4719-B67D-475B-83C7-EF9989A349A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"66370EFF-1BE1-4641-8ADA-00851D335129\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6280EBB-A0AE-477E-A49B-380D1C873E25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA48F7B-3B19-462A-86FC-1BAB0400D401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"35259067-83E2-472E-85F8-15A1201ACE4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"958DC7DA-9FAC-4BDD-B159-26663BCB4651\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.6:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F9EAB9-7BF7-43F4-84CF-11647C8707F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"772C39A2-EFD9-442F-B5B5-9AE9E216247C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C3A062D-48B0-4FB0-9B9B-D446D315AD93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A38D6B-0D09-4FC0-B836-1304F61268B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B0120-D1B7-4C8B-B398-2485291E9E5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34715564-49B1-4616-99B3-E3B11CF9564D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"875D15CF-0BCA-43B7-8E78-BD82DED81BE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D5CD7D3-21B1-452F-8822-47CC9CA8BBE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C19783B-FD71-448A-9837-9CC185FAEE95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C191BC7-1324-4D3D-8EC1-CA6B1A937AD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD64614-E236-4556-963E-35089BB4BB93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF9D8992-E2A7-4D51-9CAC-151D99937A66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B2D61F-5348-49C1-B35E-B52B960EEC68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B5FAD26-9C56-4A7C-A158-648CBEE44F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"291A1ED4-786C-4917-8998-2308E31C8E30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta9:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAC43D60-CFF5-4FA9-9CE3-CFC6825EEAA7\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/strapi/strapi/pull/4443\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.npmjs.com/advisories/1311\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/strapi/strapi/pull/4443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.npmjs.com/advisories/1311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.