CVE-2019-18818 – Strapi 3.0.0-beta - Set Password (Unauthenticated)

https://notcve.org/view.php?id=CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. strapi versiones anteriores a 3.0.0-beta.17.5, maneja inapropiadamente los restablecimientos de contraseña dentro de los archivos packages/strapi-admin/controllers/Auth.js y packages/strapi-plugin-users-permissions/controllers/Auth.js. • https://www.exploit-db.com/exploits/50237 https://www.exploit-db.com/exploits/50716 https://github.com/guglia001/CVE-2019-18818 https://github.com/rasyidfox/CVE-2019-18818 https://github.com/ossf-cve-benchmark/CVE-2019-18818 http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •