How severe is CVE-2022-30618?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-30618?

This is classified as CWE-212, which is a common weakness in software security.

CVE-2022-30618 - HIGH Severity | CVSS 7.5

Vulnerability Description

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users’ accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users.

Related Vulnerabilities

CVE-2002-0704

HIGH

CVSS:7.5(High)

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

CWE-2122002

CVE-2018-6337

HIGH

CVSS:7.5(High)

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM...

CWE-2122018

CVE-2019-20637

HIGH

CVSS:7.5(High)

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next req...

CWE-2122019

CVE-2020-1940

HIGH

CVSS:7.5(High)

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates ...

CWE-2122020

CVE-2020-36476

HIGH

CVSS:7.5(High)

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data ...

CWE-2122020

CVE-2021-31780

HIGH

CVSS:7.5(High)

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event e...

CWE-2122021