CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2CVE-2023-22893
https://notcve.org/view.php?id=CVE-2023-22893
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. • https://github.com/strapi/strapi/releases https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve https://www.ghostccamm.com/blog/multi_strapi_vulns • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 3CVE-2023-22894
https://notcve.org/view.php?id=CVE-2023-22894
Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts. • https://github.com/Saboor-Hakimi/CVE-2023-22894 https://github.com/strapi/strapi/releases https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve https://www.ghostccamm.com/blog/multi_strapi_vulns • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31367
https://notcve.org/view.php?id=CVE-2022-31367
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. Strapi versiones anteriores a 3.6.10 y 4.x anteriores a 4.1.10, maneja inapropiadamente los atributos ocultos dentro de las respuestas de la API de administración • https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367 https://github.com/strapi/strapi/releases/tag/v3.6.10 https://github.com/strapi/strapi/releases/tag/v4.1.10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29894
https://notcve.org/view.php?id=CVE-2022-29894
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. Strapi versiones v3.x.x y anteriores, contienen una vulnerabilidad de tipo cross-site scripting almacenada en la función file upload. Al explotar esta vulnerabilidad, puede ejecutarse un script arbitrario en el navegador web del usuario que está iniciando sesión en el producto con el privilegio administrativo • https://github.com/strapi/strapi https://jvn.jp/en/jp/JVN44550983/index.html https://strapi.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30618
https://notcve.org/view.php?id=CVE-2022-30618
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users’ accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. Un usuario autenticado con acceso al panel de administración de Strapi puede visualizar datos privados y confidenciales, como el correo electrónico y los tokens de restablecimiento de contraseña, para los usuarios de la API si los tipos de contenido accesibles para el usuario autenticado contienen relaciones con los usuarios de la API (from:users-permissions). • https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •