Vulnerability Description
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Datalust | Seq | < 4.2.605 |
Related Weaknesses (CWE)
References
- https://github.com/datalust/seq-tickets/issues/675PatchThird Party Advisory
- https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732ExploitTechnical DescriptionThird Party Advisory
- https://www.exploit-db.com/exploits/45136/ExploitThird Party AdvisoryVDB Entry
- https://github.com/datalust/seq-tickets/issues/675PatchThird Party Advisory
- https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732ExploitTechnical DescriptionThird Party Advisory
- https://www.exploit-db.com/exploits/45136/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-8096?
CVE-2018-8096 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenti...
How severe is CVE-2018-8096?
CVE-2018-8096 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-8096?
Check the references section above for vendor advisories and patch information. Affected products include: Datalust Seq.