What is the severity of CVE-2019-18818?

CVE-2019-18818 has a high severity rating due to its potential for security issues related to password reset handling.

How do I fix CVE-2019-18818?

To fix CVE-2019-18818, update your Strapi installation to version 3.0.0-beta.17.5 or later.

Which versions of Strapi are affected by CVE-2019-18818?

CVE-2019-18818 affects Strapi versions before 3.0.0-beta.17.5, including all beta versions and releases before it.

What specific components are impacted by CVE-2019-18818?

CVE-2019-18818 specifically impacts the password reset functionalities within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

Is CVE-2019-18818 related to user permissions in Strapi?

Yes, CVE-2019-18818 is related to user permissions as it involves vulnerabilities in authentication mechanisms.

Vulnerability/
CVE-2019-18818

critical

9.8

CWE

640

7/11/2019

5/8/2024

CVE-2019-18818

First published: Thu Nov 07 2019(Updated: )

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Strapi Strapi	<=1.6.4
Strapi Strapi	=3.0.0-alpha10.1
Strapi Strapi	=3.0.0-alpha10.2
Strapi Strapi	=3.0.0-alpha10.3
Strapi Strapi	=3.0.0-alpha11
Strapi Strapi	=3.0.0-alpha11.1
Strapi Strapi	=3.0.0-alpha11.2
Strapi Strapi	=3.0.0-alpha11.3
Strapi Strapi	=3.0.0-alpha12
Strapi Strapi	=3.0.0-alpha12.1
Strapi Strapi	=3.0.0-alpha12.1.3
Strapi Strapi	=3.0.0-alpha12.2
Strapi Strapi	=3.0.0-alpha12.3
Strapi Strapi	=3.0.0-alpha12.4
Strapi Strapi	=3.0.0-alpha12.5
Strapi Strapi	=3.0.0-alpha12.6
Strapi Strapi	=3.0.0-alpha12.7
Strapi Strapi	=3.0.0-alpha12.7.1
Strapi Strapi	=3.0.0-alpha13
Strapi Strapi	=3.0.0-alpha13.0.1
Strapi Strapi	=3.0.0-alpha13.1
Strapi Strapi	=3.0.0-alpha14
Strapi Strapi	=3.0.0-alpha14.1
Strapi Strapi	=3.0.0-alpha14.1.1
Strapi Strapi	=3.0.0-alpha14.2
Strapi Strapi	=3.0.0-alpha14.3
Strapi Strapi	=3.0.0-alpha14.4.0
Strapi Strapi	=3.0.0-alpha14.5
Strapi Strapi	=3.0.0-alpha15
Strapi Strapi	=3.0.0-alpha16
Strapi Strapi	=3.0.0-alpha17
Strapi Strapi	=3.0.0-alpha18
Strapi Strapi	=3.0.0-alpha19
Strapi Strapi	=3.0.0-alpha20
Strapi Strapi	=3.0.0-alpha21
Strapi Strapi	=3.0.0-alpha22
Strapi Strapi	=3.0.0-alpha23
Strapi Strapi	=3.0.0-alpha23.1
Strapi Strapi	=3.0.0-alpha24
Strapi Strapi	=3.0.0-alpha24.1
Strapi Strapi	=3.0.0-alpha25
Strapi Strapi	=3.0.0-alpha25.1
Strapi Strapi	=3.0.0-alpha25.2
Strapi Strapi	=3.0.0-alpha26
Strapi Strapi	=3.0.0-alpha26.1
Strapi Strapi	=3.0.0-alpha26.2
Strapi Strapi	=3.0.0-alpha4
Strapi Strapi	=3.0.0-alpha4.8
Strapi Strapi	=3.0.0-alpha5.3
Strapi Strapi	=3.0.0-alpha5.5
Strapi Strapi	=3.0.0-alpha6.3
Strapi Strapi	=3.0.0-alpha6.4
Strapi Strapi	=3.0.0-alpha6.7
Strapi Strapi	=3.0.0-alpha7.2
Strapi Strapi	=3.0.0-alpha7.3
Strapi Strapi	=3.0.0-alpha8
Strapi Strapi	=3.0.0-alpha8.3
Strapi Strapi	=3.0.0-alpha9
Strapi Strapi	=3.0.0-alpha9.1
Strapi Strapi	=3.0.0-alpha9.2
Strapi Strapi	=3.0.0-beta0
Strapi Strapi	=3.0.0-beta1
Strapi Strapi	=3.0.0-beta10
Strapi Strapi	=3.0.0-beta11
Strapi Strapi	=3.0.0-beta12
Strapi Strapi	=3.0.0-beta13
Strapi Strapi	=3.0.0-beta14
Strapi Strapi	=3.0.0-beta15
Strapi Strapi	=3.0.0-beta16
Strapi Strapi	=3.0.0-beta16.1
Strapi Strapi	=3.0.0-beta16.2
Strapi Strapi	=3.0.0-beta16.3
Strapi Strapi	=3.0.0-beta16.4
Strapi Strapi	=3.0.0-beta16.5
Strapi Strapi	=3.0.0-beta16.6
Strapi Strapi	=3.0.0-beta16.7
Strapi Strapi	=3.0.0-beta16.8
Strapi Strapi	=3.0.0-beta17
Strapi Strapi	=3.0.0-beta17.1
Strapi Strapi	=3.0.0-beta17.2
Strapi Strapi	=3.0.0-beta17.3
Strapi Strapi	=3.0.0-beta17.4
Strapi Strapi	=3.0.0-beta2
Strapi Strapi	=3.0.0-beta3
Strapi Strapi	=3.0.0-beta4
Strapi Strapi	=3.0.0-beta5
Strapi Strapi	=3.0.0-beta6
Strapi Strapi	=3.0.0-beta7
Strapi Strapi	=3.0.0-beta8
Strapi Strapi	=3.0.0-beta9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-18818?
CVE-2019-18818 has a high severity rating due to its potential for security issues related to password reset handling.
How do I fix CVE-2019-18818?
To fix CVE-2019-18818, update your Strapi installation to version 3.0.0-beta.17.5 or later.
Which versions of Strapi are affected by CVE-2019-18818?
CVE-2019-18818 affects Strapi versions before 3.0.0-beta.17.5, including all beta versions and releases before it.
What specific components are impacted by CVE-2019-18818?
CVE-2019-18818 specifically impacts the password reset functionalities within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
Is CVE-2019-18818 related to user permissions in Strapi?
Yes, CVE-2019-18818 is related to user permissions as it involves vulnerabilities in authentication mechanisms.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/last-modified-date
agent/description
agent/first-publish-date
agent/tags
agent/event
agent/source
vendor/strapi
canonical/strapi strapi
version/strapi strapi/1.6.4
version/strapi strapi/3.0.0-alpha10.1
version/strapi strapi/3.0.0-alpha10.2
version/strapi strapi/3.0.0-alpha10.3
version/strapi strapi/3.0.0-alpha11
version/strapi strapi/3.0.0-alpha11.1
version/strapi strapi/3.0.0-alpha11.2
version/strapi strapi/3.0.0-alpha11.3
version/strapi strapi/3.0.0-alpha12
version/strapi strapi/3.0.0-alpha12.1
version/strapi strapi/3.0.0-alpha12.1.3
version/strapi strapi/3.0.0-alpha12.2
version/strapi strapi/3.0.0-alpha12.3
version/strapi strapi/3.0.0-alpha12.4
version/strapi strapi/3.0.0-alpha12.5
version/strapi strapi/3.0.0-alpha12.6
version/strapi strapi/3.0.0-alpha12.7
version/strapi strapi/3.0.0-alpha12.7.1
version/strapi strapi/3.0.0-alpha13
version/strapi strapi/3.0.0-alpha13.0.1
version/strapi strapi/3.0.0-alpha13.1
version/strapi strapi/3.0.0-alpha14
version/strapi strapi/3.0.0-alpha14.1
version/strapi strapi/3.0.0-alpha14.1.1
version/strapi strapi/3.0.0-alpha14.2
version/strapi strapi/3.0.0-alpha14.3
version/strapi strapi/3.0.0-alpha14.4.0
version/strapi strapi/3.0.0-alpha14.5
version/strapi strapi/3.0.0-alpha15
version/strapi strapi/3.0.0-alpha16
version/strapi strapi/3.0.0-alpha17
version/strapi strapi/3.0.0-alpha18
version/strapi strapi/3.0.0-alpha19
version/strapi strapi/3.0.0-alpha20
version/strapi strapi/3.0.0-alpha21
version/strapi strapi/3.0.0-alpha22
version/strapi strapi/3.0.0-alpha23
version/strapi strapi/3.0.0-alpha23.1
version/strapi strapi/3.0.0-alpha24
version/strapi strapi/3.0.0-alpha24.1
version/strapi strapi/3.0.0-alpha25
version/strapi strapi/3.0.0-alpha25.1
version/strapi strapi/3.0.0-alpha25.2
version/strapi strapi/3.0.0-alpha26
version/strapi strapi/3.0.0-alpha26.1
version/strapi strapi/3.0.0-alpha26.2
version/strapi strapi/3.0.0-alpha4
version/strapi strapi/3.0.0-alpha4.8
version/strapi strapi/3.0.0-alpha5.3
version/strapi strapi/3.0.0-alpha5.5
version/strapi strapi/3.0.0-alpha6.3
version/strapi strapi/3.0.0-alpha6.4
version/strapi strapi/3.0.0-alpha6.7
version/strapi strapi/3.0.0-alpha7.2
version/strapi strapi/3.0.0-alpha7.3
version/strapi strapi/3.0.0-alpha8
version/strapi strapi/3.0.0-alpha8.3
version/strapi strapi/3.0.0-alpha9
version/strapi strapi/3.0.0-alpha9.1
version/strapi strapi/3.0.0-alpha9.2
version/strapi strapi/3.0.0-beta0
version/strapi strapi/3.0.0-beta1
version/strapi strapi/3.0.0-beta10
version/strapi strapi/3.0.0-beta11
version/strapi strapi/3.0.0-beta12
version/strapi strapi/3.0.0-beta13
version/strapi strapi/3.0.0-beta14
version/strapi strapi/3.0.0-beta15
version/strapi strapi/3.0.0-beta16
version/strapi strapi/3.0.0-beta16.1
version/strapi strapi/3.0.0-beta16.2
version/strapi strapi/3.0.0-beta16.3
version/strapi strapi/3.0.0-beta16.4
version/strapi strapi/3.0.0-beta16.5
version/strapi strapi/3.0.0-beta16.6
version/strapi strapi/3.0.0-beta16.7
version/strapi strapi/3.0.0-beta16.8
version/strapi strapi/3.0.0-beta17
version/strapi strapi/3.0.0-beta17.1
version/strapi strapi/3.0.0-beta17.2
version/strapi strapi/3.0.0-beta17.3
version/strapi strapi/3.0.0-beta17.4
version/strapi strapi/3.0.0-beta2
version/strapi strapi/3.0.0-beta3
version/strapi strapi/3.0.0-beta4
version/strapi strapi/3.0.0-beta5
version/strapi strapi/3.0.0-beta6
version/strapi strapi/3.0.0-beta7
version/strapi strapi/3.0.0-beta8
version/strapi strapi/3.0.0-beta9

CVE-2019-18818

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-18818?

How do I fix CVE-2019-18818?

Which versions of Strapi are affected by CVE-2019-18818?

What specific components are impacted by CVE-2019-18818?

Is CVE-2019-18818 related to user permissions in Strapi?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-18818?

How do I fix CVE-2019-18818?

Which versions of Strapi are affected by CVE-2019-18818?

What specific components are impacted by CVE-2019-18818?

Is CVE-2019-18818 related to user permissions in Strapi?