CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20345

Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=<username>" query filter parameters. Enterprise editions with RBAC enabled are not affected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.1%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 3.5

References

Products affected by CVE-2018-20345

Stackstorm » Stackstorm » Version: 0.11.0

cpe:2.3:a:stackstorm:stackstorm:0.11.0
Stackstorm » Stackstorm » Version: 0.11.1

cpe:2.3:a:stackstorm:stackstorm:0.11.1
Stackstorm » Stackstorm » Version: 0.11.2

cpe:2.3:a:stackstorm:stackstorm:0.11.2
Stackstorm » Stackstorm » Version: 0.11.3

cpe:2.3:a:stackstorm:stackstorm:0.11.3
Stackstorm » Stackstorm » Version: 0.11.4

cpe:2.3:a:stackstorm:stackstorm:0.11.4
Stackstorm » Stackstorm » Version: 0.11.5

cpe:2.3:a:stackstorm:stackstorm:0.11.5
Stackstorm » Stackstorm » Version: 0.11.6

cpe:2.3:a:stackstorm:stackstorm:0.11.6
Stackstorm » Stackstorm » Version: 0.12.0

cpe:2.3:a:stackstorm:stackstorm:0.12.0
Stackstorm » Stackstorm » Version: 0.12.1

cpe:2.3:a:stackstorm:stackstorm:0.12.1
Stackstorm » Stackstorm » Version: 0.12.2

cpe:2.3:a:stackstorm:stackstorm:0.12.2
Stackstorm » Stackstorm » Version: 0.12.3

cpe:2.3:a:stackstorm:stackstorm:0.12.3
Stackstorm » Stackstorm » Version: 0.13.0

cpe:2.3:a:stackstorm:stackstorm:0.13.0
Stackstorm » Stackstorm » Version: 0.13.1

cpe:2.3:a:stackstorm:stackstorm:0.13.1
Stackstorm » Stackstorm » Version: 0.13.2

cpe:2.3:a:stackstorm:stackstorm:0.13.2
Stackstorm » Stackstorm » Version: 0.5.1

cpe:2.3:a:stackstorm:stackstorm:0.5.1
Stackstorm » Stackstorm » Version: 0.6.0

cpe:2.3:a:stackstorm:stackstorm:0.6.0
Stackstorm » Stackstorm » Version: 0.7

cpe:2.3:a:stackstorm:stackstorm:0.7
Stackstorm » Stackstorm » Version: 0.8.0

cpe:2.3:a:stackstorm:stackstorm:0.8.0
Stackstorm » Stackstorm » Version: 0.8.1

cpe:2.3:a:stackstorm:stackstorm:0.8.1
Stackstorm » Stackstorm » Version: 0.8.2

cpe:2.3:a:stackstorm:stackstorm:0.8.2
Stackstorm » Stackstorm » Version: 0.8.3

cpe:2.3:a:stackstorm:stackstorm:0.8.3
Stackstorm » Stackstorm » Version: 0.9.0

cpe:2.3:a:stackstorm:stackstorm:0.9.0
Stackstorm » Stackstorm » Version: 0.9.1

cpe:2.3:a:stackstorm:stackstorm:0.9.1
Stackstorm » Stackstorm » Version: 0.9.2

cpe:2.3:a:stackstorm:stackstorm:0.9.2
Stackstorm » Stackstorm » Version: 1.1.0

cpe:2.3:a:stackstorm:stackstorm:1.1.0
Stackstorm » Stackstorm » Version: 1.1.1

cpe:2.3:a:stackstorm:stackstorm:1.1.1
Stackstorm » Stackstorm » Version: 1.2.0

cpe:2.3:a:stackstorm:stackstorm:1.2.0
Stackstorm » Stackstorm » Version: 1.3.0

cpe:2.3:a:stackstorm:stackstorm:1.3.0
Stackstorm » Stackstorm » Version: 1.3.1

cpe:2.3:a:stackstorm:stackstorm:1.3.1
Stackstorm » Stackstorm » Version: 1.3.2

cpe:2.3:a:stackstorm:stackstorm:1.3.2
Stackstorm » Stackstorm » Version: 1.4.0

cpe:2.3:a:stackstorm:stackstorm:1.4.0
Stackstorm » Stackstorm » Version: 1.5.0

cpe:2.3:a:stackstorm:stackstorm:1.5.0
Stackstorm » Stackstorm » Version: 1.5.1

cpe:2.3:a:stackstorm:stackstorm:1.5.1
Stackstorm » Stackstorm » Version: 1.6.0

cpe:2.3:a:stackstorm:stackstorm:1.6.0
Stackstorm » Stackstorm » Version: 2.0.0

cpe:2.3:a:stackstorm:stackstorm:2.0.0
Stackstorm » Stackstorm » Version: 2.0.1

cpe:2.3:a:stackstorm:stackstorm:2.0.1
Stackstorm » Stackstorm » Version: 2.1.0

cpe:2.3:a:stackstorm:stackstorm:2.1.0
Stackstorm » Stackstorm » Version: 2.1.1

cpe:2.3:a:stackstorm:stackstorm:2.1.1
Stackstorm » Stackstorm » Version: 2.10.0

cpe:2.3:a:stackstorm:stackstorm:2.10.0
Stackstorm » Stackstorm » Version: 2.2.0

cpe:2.3:a:stackstorm:stackstorm:2.2.0
Stackstorm » Stackstorm » Version: 2.2.1

cpe:2.3:a:stackstorm:stackstorm:2.2.1
Stackstorm » Stackstorm » Version: 2.3.0

cpe:2.3:a:stackstorm:stackstorm:2.3.0
Stackstorm » Stackstorm » Version: 2.3.1

cpe:2.3:a:stackstorm:stackstorm:2.3.1
Stackstorm » Stackstorm » Version: 2.3.2

cpe:2.3:a:stackstorm:stackstorm:2.3.2
Stackstorm » Stackstorm » Version: 2.4.0

cpe:2.3:a:stackstorm:stackstorm:2.4.0
Stackstorm » Stackstorm » Version: 2.4.1

cpe:2.3:a:stackstorm:stackstorm:2.4.1
Stackstorm » Stackstorm » Version: 2.5.0

cpe:2.3:a:stackstorm:stackstorm:2.5.0
Stackstorm » Stackstorm » Version: 2.5.1

cpe:2.3:a:stackstorm:stackstorm:2.5.1
Stackstorm » Stackstorm » Version: 2.6.0

cpe:2.3:a:stackstorm:stackstorm:2.6.0
Stackstorm » Stackstorm » Version: 2.7.0

cpe:2.3:a:stackstorm:stackstorm:2.7.0
Stackstorm » Stackstorm » Version: 2.7.1

cpe:2.3:a:stackstorm:stackstorm:2.7.1
Stackstorm » Stackstorm » Version: 2.7.2

cpe:2.3:a:stackstorm:stackstorm:2.7.2
Stackstorm » Stackstorm » Version: 2.8.0

cpe:2.3:a:stackstorm:stackstorm:2.8.0
Stackstorm » Stackstorm » Version: 2.8.1

cpe:2.3:a:stackstorm:stackstorm:2.8.1
Stackstorm » Stackstorm » Version: 2.9.0

cpe:2.3:a:stackstorm:stackstorm:2.9.0
Stackstorm » Stackstorm » Version: 2.9.1

cpe:2.3:a:stackstorm:stackstorm:2.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20345

Products

Pricing

Contact Us