CVE-2018-20301: An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In pa
mediumvulnerability
security
Summary
CVE-2018-20301 is a mass assignment vulnerability (a flaw where an attacker can modify data fields they shouldn't be able to change) in Steve Pallen Coherence before version 0.5.2. The vulnerability allows users registering for accounts to update any field in the system, including automatically confirming their own accounts by adding a confirmed_at parameter to their registration request.
Vulnerability Details
CVSS Score
4
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
CWE (Weakness Type)
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2018-20301
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 45%