CVE-2020-8123 : A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be ab

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.

Published 2020-02-04 20:15:14

Updated 2020-02-06 18:39:08

Source HackerOne

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-8123

Strapi » Strapi » For Node.js
Versions before (<) 3.0.0
cpe:2.3:a:strapi:strapi:*:*:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha10.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha10.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha10.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha11 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha11:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha11.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha11.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha11.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.1.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.4 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.5 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.6 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.7 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha12.7.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha13 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha13:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha13.0.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha13.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha14 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha14:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha14.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha14.1.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha14.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha14.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha14.4.0 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha14.5 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha15 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha15:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha16 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha16:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha17 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha17:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha18 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha18:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha19 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha19:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha20 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha20:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha21 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha21:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha22 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha22:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha23 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha23:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha23.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha24 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha24:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha24.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha25 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha25:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha25.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha25.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha26 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha26:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha26.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha26.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha4 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha4:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha4.8 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha5.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha5.5 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha6.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha6.4 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha6.7 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha7.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha7.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha8 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha8:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha8.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha9 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha9:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha9.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Alpha9.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta0 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta0:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta10 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta10:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta11 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta11:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta12 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta12:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta13 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta13:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta14 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta14:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta15 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta15:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.4 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.4:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.5 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.5:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.6 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.6:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.7 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.7:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta16.8 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta16.8:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.4 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.4:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.5 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.5:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.6 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.6:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.7 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.7:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta17.8 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta17.8:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta18 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta18:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta18.1 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta18.1:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta18.2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta18.2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta18.3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta18.3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta2 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta2:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta3 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta3:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta4 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta4:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta5 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta5:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta6 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta6:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta7 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta7:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta8 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta8:*:*:*:node.js:*:*
Matching versions
Strapi » Strapi » Version: 3.0.0 Update Beta9 For Node.js
cpe:2.3:a:strapi:strapi:3.0.0:beta9:*:*:*:node.js:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-8123

EPSS FAQ

0.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-8123

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2020-8123

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.
Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)

References for CVE-2020-8123

https://hackerone.com/reports/768574

#768574 Denial Of Service in Strapi Framework using argument injection
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-8123

Products affected by CVE-2020-8123

Exploit prediction scoring system (EPSS) score for CVE-2020-8123

CVSS scores for CVE-2020-8123

CWE ids for CVE-2020-8123

References for CVE-2020-8123