CVE-2020-8123

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
strapistrapi
𝑥
< 3.0.0
strapistrapi
3.0.0:alpha10.1
strapistrapi
3.0.0:alpha10.2
strapistrapi
3.0.0:alpha10.3
strapistrapi
3.0.0:alpha11
strapistrapi
3.0.0:alpha11.1
strapistrapi
3.0.0:alpha11.2
strapistrapi
3.0.0:alpha11.3
strapistrapi
3.0.0:alpha12
strapistrapi
3.0.0:alpha12.1
strapistrapi
3.0.0:alpha12.1.3
strapistrapi
3.0.0:alpha12.2
strapistrapi
3.0.0:alpha12.3
strapistrapi
3.0.0:alpha12.4
strapistrapi
3.0.0:alpha12.5
strapistrapi
3.0.0:alpha12.6
strapistrapi
3.0.0:alpha12.7
strapistrapi
3.0.0:alpha12.7.1
strapistrapi
3.0.0:alpha13
strapistrapi
3.0.0:alpha13.0.1
strapistrapi
3.0.0:alpha13.1
strapistrapi
3.0.0:alpha14
strapistrapi
3.0.0:alpha14.1
strapistrapi
3.0.0:alpha14.1.1
strapistrapi
3.0.0:alpha14.2
strapistrapi
3.0.0:alpha14.3
strapistrapi
3.0.0:alpha14.4.0
strapistrapi
3.0.0:alpha14.5
strapistrapi
3.0.0:alpha15
strapistrapi
3.0.0:alpha16
strapistrapi
3.0.0:alpha17
strapistrapi
3.0.0:alpha18
strapistrapi
3.0.0:alpha19
strapistrapi
3.0.0:alpha20
strapistrapi
3.0.0:alpha21
strapistrapi
3.0.0:alpha22
strapistrapi
3.0.0:alpha23
strapistrapi
3.0.0:alpha23.1
strapistrapi
3.0.0:alpha24
strapistrapi
3.0.0:alpha24.1
strapistrapi
3.0.0:alpha25
strapistrapi
3.0.0:alpha25.1
strapistrapi
3.0.0:alpha25.2
strapistrapi
3.0.0:alpha26
strapistrapi
3.0.0:alpha26.1
strapistrapi
3.0.0:alpha26.2
strapistrapi
3.0.0:alpha4
strapistrapi
3.0.0:alpha4.8
strapistrapi
3.0.0:alpha5.3
strapistrapi
3.0.0:alpha5.5
strapistrapi
3.0.0:alpha6.3
strapistrapi
3.0.0:alpha6.4
strapistrapi
3.0.0:alpha6.7
strapistrapi
3.0.0:alpha7.2
strapistrapi
3.0.0:alpha7.3
strapistrapi
3.0.0:alpha8
strapistrapi
3.0.0:alpha8.3
strapistrapi
3.0.0:alpha9
strapistrapi
3.0.0:alpha9.1
strapistrapi
3.0.0:alpha9.2
strapistrapi
3.0.0:beta0
strapistrapi
3.0.0:beta1
strapistrapi
3.0.0:beta10
strapistrapi
3.0.0:beta11
strapistrapi
3.0.0:beta12
strapistrapi
3.0.0:beta13
strapistrapi
3.0.0:beta14
strapistrapi
3.0.0:beta15
strapistrapi
3.0.0:beta16
strapistrapi
3.0.0:beta16.1
strapistrapi
3.0.0:beta16.2
strapistrapi
3.0.0:beta16.3
strapistrapi
3.0.0:beta16.4
strapistrapi
3.0.0:beta16.5
strapistrapi
3.0.0:beta16.6
strapistrapi
3.0.0:beta16.7
strapistrapi
3.0.0:beta16.8
strapistrapi
3.0.0:beta17
strapistrapi
3.0.0:beta17.1
strapistrapi
3.0.0:beta17.2
strapistrapi
3.0.0:beta17.3
strapistrapi
3.0.0:beta17.4
strapistrapi
3.0.0:beta17.5
strapistrapi
3.0.0:beta17.6
strapistrapi
3.0.0:beta17.7
strapistrapi
3.0.0:beta17.8
strapistrapi
3.0.0:beta18
strapistrapi
3.0.0:beta18.1
strapistrapi
3.0.0:beta18.2
strapistrapi
3.0.0:beta18.3
strapistrapi
3.0.0:beta2
strapistrapi
3.0.0:beta3
strapistrapi
3.0.0:beta4
strapistrapi
3.0.0:beta5
strapistrapi
3.0.0:beta6
strapistrapi
3.0.0:beta7
strapistrapi
3.0.0:beta8
strapistrapi
3.0.0:beta9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://hackerone.com/reports/768574
https://hackerone.com/reports/768574