CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2CVE-2023-22893
https://notcve.org/view.php?id=CVE-2023-22893
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. • https://github.com/strapi/strapi/releases https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve https://www.ghostccamm.com/blog/multi_strapi_vulns • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 3CVE-2023-22894
https://notcve.org/view.php?id=CVE-2023-22894
Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts. • https://github.com/Saboor-Hakimi/CVE-2023-22894 https://github.com/strapi/strapi/releases https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve https://www.ghostccamm.com/blog/multi_strapi_vulns • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31367
https://notcve.org/view.php?id=CVE-2022-31367
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. Strapi versiones anteriores a 3.6.10 y 4.x anteriores a 4.1.10, maneja inapropiadamente los atributos ocultos dentro de las respuestas de la API de administración • https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367 https://github.com/strapi/strapi/releases/tag/v3.6.10 https://github.com/strapi/strapi/releases/tag/v4.1.10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-32114
https://notcve.org/view.php?id=CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired. Una vulnerabilidad de carga de archivos sin restricciones en la función Add New Assets de Strapi versión v4.1.12, permite a atacantes ejecutar código arbitrario por medio de un archivo diseñado • https://github.com/bypazs/CVE-2022-32114 https://docs.strapi.io/dev-docs/configurations/public-assets https://docs.strapi.io/user-docs/users-roles-permissions/configuring-administrator-roles https://github.com/bypazs/strapi https://github.com/strapi/strapi/blob/d9277d616b4478a3839e79e47330a4aaf167a2f1/packages/core/content-type-builder/admin/src/components/AllowedTypesSelect/index.js#L14 https://github.com/strapi/strapi/blob/d9277d616b4478a3839e79e47330a4aaf167a2f1/packages/core/upload/admin/src/components/MediaLibraryInput/index.js • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29894
https://notcve.org/view.php?id=CVE-2022-29894
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. Strapi versiones v3.x.x y anteriores, contienen una vulnerabilidad de tipo cross-site scripting almacenada en la función file upload. Al explotar esta vulnerabilidad, puede ejecutarse un script arbitrario en el navegador web del usuario que está iniciando sesión en el producto con el privilegio administrativo • https://github.com/strapi/strapi https://jvn.jp/en/jp/JVN44550983/index.html https://strapi.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •