StackStorm st2api Unauthorized Access Vulnerability

A vulnerability in the st2api of StackStorm could allow a local attacker to gain unauthorized access to a targeted system.

The vulnerability exists because the affected software improperly handles query parameter filters. An attacker could exploit this vulnerability by using a malicious query filter on the targeted system. A successful exploit could allow the attacker to access unauthorized data on the targeted system, which could be used to conduct further attacks.

StackStorm has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-20345

Source:: Cisco Multivendor Vulnerability Alerts