← Back

CVE-2019-18818

nvd nistnuclei
Published: Nov 7, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

Affected (90)

Products: Strapi: Strapi
Strapi
1 product
Strapi
Configuration A
90 vulnerable
Vulnerable SoftwareAffected Versions
Strapi
Strapi
Up to 1.6.4
Strapi
Version 3.0.0 alpha10.1
Strapi
Version 3.0.0 alpha10.2
Strapi
Version 3.0.0 alpha10.3
Strapi
Version 3.0.0 alpha11.1
Strapi
Version 3.0.0 alpha11.2
Strapi
Version 3.0.0 alpha11.3
Strapi
Version 3.0.0 alpha11
Strapi
Version 3.0.0 alpha12.1.3
Strapi
Version 3.0.0 alpha12.1
Strapi
Version 3.0.0 alpha12.2
Strapi
Version 3.0.0 alpha12.3
Strapi
Version 3.0.0 alpha12.4
Strapi
Version 3.0.0 alpha12.5
Strapi
Version 3.0.0 alpha12.6
Strapi
Version 3.0.0 alpha12.7.1
Strapi
Version 3.0.0 alpha12.7
Strapi
Version 3.0.0 alpha12
Strapi
Version 3.0.0 alpha13.0.1
Strapi
Version 3.0.0 alpha13.1
Strapi
Version 3.0.0 alpha13
Strapi
Version 3.0.0 alpha14.1.1
Strapi
Version 3.0.0 alpha14.1
Strapi
Version 3.0.0 alpha14.2
Strapi
Version 3.0.0 alpha14.3
Strapi
Version 3.0.0 alpha14.4.0
Strapi
Version 3.0.0 alpha14.5
Strapi
Version 3.0.0 alpha14
Strapi
Version 3.0.0 alpha15
Strapi
Version 3.0.0 alpha16
Strapi
Version 3.0.0 alpha17
Strapi
Version 3.0.0 alpha18
Strapi
Version 3.0.0 alpha19
Strapi
Version 3.0.0 alpha20
Strapi
Version 3.0.0 alpha21
Strapi
Version 3.0.0 alpha22
Strapi
Version 3.0.0 alpha23.1
Strapi
Version 3.0.0 alpha23
Strapi
Version 3.0.0 alpha24.1
Strapi
Version 3.0.0 alpha24
Strapi
Version 3.0.0 alpha25.1
Strapi
Version 3.0.0 alpha25.2
Strapi
Version 3.0.0 alpha25
Strapi
Version 3.0.0 alpha26.1
Strapi
Version 3.0.0 alpha26.2
Strapi
Version 3.0.0 alpha26
Strapi
Version 3.0.0 alpha4.8
Strapi
Version 3.0.0 alpha4
Strapi
Version 3.0.0 alpha5.3
Strapi
Version 3.0.0 alpha5.5
Strapi
Version 3.0.0 alpha6.3
Strapi
Version 3.0.0 alpha6.4
Strapi
Version 3.0.0 alpha6.7
Strapi
Version 3.0.0 alpha7.2
Strapi
Version 3.0.0 alpha7.3
Strapi
Version 3.0.0 alpha8.3
Strapi
Version 3.0.0 alpha8
Strapi
Version 3.0.0 alpha9.1
Strapi
Version 3.0.0 alpha9.2
Strapi
Version 3.0.0 alpha9
Strapi
Version 3.0.0 beta0
Strapi
Version 3.0.0 beta10
Strapi
Version 3.0.0 beta11
Strapi
Version 3.0.0 beta12
Strapi
Version 3.0.0 beta13
Strapi
Version 3.0.0 beta14
Strapi
Version 3.0.0 beta15
Strapi
Version 3.0.0 beta16.1
Strapi
Version 3.0.0 beta16.2
Strapi
Version 3.0.0 beta16.3
Strapi
Version 3.0.0 beta16.4
Strapi
Version 3.0.0 beta16.5
Strapi
Version 3.0.0 beta16.6
Strapi
Version 3.0.0 beta16.7
Strapi
Version 3.0.0 beta16.8
Strapi
Version 3.0.0 beta16
Strapi
Version 3.0.0 beta17.1
Strapi
Version 3.0.0 beta17.2
Strapi
Version 3.0.0 beta17.3
Strapi
Version 3.0.0 beta17.4
Strapi
Version 3.0.0 beta17
Strapi
Version 3.0.0 beta1
Strapi
Version 3.0.0 beta2
Strapi
Version 3.0.0 beta3
Strapi
Version 3.0.0 beta4
Strapi
Version 3.0.0 beta5
Strapi
Version 3.0.0 beta6
Strapi
Version 3.0.0 beta7
Strapi
Version 3.0.0 beta8
Strapi
Version 3.0.0 beta9

Related CWEs

CWE-640
Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (12)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.