CVE-2018-8096
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
14/03/2018
Last modified:
17/06/2026
Description
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:* | 4.2.605 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/datalust/seq-tickets/issues/675
- https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732
- https://www.exploit-db.com/exploits/45136/
- https://github.com/datalust/seq-tickets/issues/675
- https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732
- https://www.exploit-db.com/exploits/45136/



