Mass Assignment Vulnerability in Steve Pallen Coherence Framework
CVE-2018-20301

6.5MEDIUM

Key Information:

Vendor: Coherence Project
Status: Coherence
Vendor: CVE Published:; 20 December 2018

🔔 Create Coherence Project Vulnerability Alert

What is CVE-2018-20301?

A vulnerability in the Steve Pallen Coherence Framework prior to version 0.5.2 allows unauthorized users to modify sensitive account information through 'registration' endpoints. This flaw permits users to send specific parameters with their requests, such as 'confirmed_at', to automatically validate their accounts. Consequently, it poses a significant risk to user account integrity and access control, enabling potential abuse of the registration process.

References

https://github.com/smpallen99/coherence/issues/270

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2018
Vulnerability Reserved
Dec 19, 2018

CVE-2018-20301 Data

JSON