What is CVE-2019-18818?

CVE-2019-18818 is a vulnerability in N/a. Published 2019-11-07.

Is CVE-2019-18818 known to be exploited?

38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

EPSS: 0.940 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/strapi/strapi/pull/4443 (x_refsource_MISC)
github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5 (x_refsource_MISC)
www.npmjs.com/advisories/1311 (x_refsource_MISC)
packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Exe… (x_refsource_MISC)
packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.ht… (x_refsource_MISC)
packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escal… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-18818?: CVE-2019-18818 is a vulnerability in N/a. Published 2019-11-07.
Is CVE-2019-18818 known to be exploited?: 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.