Vulnerability Details CVE-2018-20301
An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2018-20301
-
cpe:2.3:a:coherence_project:coherence:0.0.1
-
cpe:2.3:a:coherence_project:coherence:0.0.3
-
cpe:2.3:a:coherence_project:coherence:0.1.0
-
cpe:2.3:a:coherence_project:coherence:0.1.1
-
cpe:2.3:a:coherence_project:coherence:0.1.2
-
cpe:2.3:a:coherence_project:coherence:0.1.3
-
cpe:2.3:a:coherence_project:coherence:0.2.0
-
cpe:2.3:a:coherence_project:coherence:0.3.0
-
cpe:2.3:a:coherence_project:coherence:0.3.1
-
cpe:2.3:a:coherence_project:coherence:0.4.0
-
cpe:2.3:a:coherence_project:coherence:0.5.0
-
cpe:2.3:a:coherence_project:coherence:0.5.1