CVE-2023-22893
https://notcve.org/view.php?id=CVE-2023-22893
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication. • https://github.com/strapi/strapi/releases https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve https://www.ghostccamm.com/blog/multi_strapi_vulns • CWE-287: Improper Authentication •
CVE-2023-22894
https://notcve.org/view.php?id=CVE-2023-22894
Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts. • https://github.com/Saboor-Hakimi/CVE-2023-22894 https://github.com/strapi/strapi/releases https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve https://www.ghostccamm.com/blog/multi_strapi_vulns • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-31367
https://notcve.org/view.php?id=CVE-2022-31367
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. Strapi versiones anteriores a 3.6.10 y 4.x anteriores a 4.1.10, maneja inapropiadamente los atributos ocultos dentro de las respuestas de la API de administración • https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367 https://github.com/strapi/strapi/releases/tag/v3.6.10 https://github.com/strapi/strapi/releases/tag/v4.1.10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-30618
https://notcve.org/view.php?id=CVE-2022-30618
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users’ accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. Un usuario autenticado con acceso al panel de administración de Strapi puede visualizar datos privados y confidenciales, como el correo electrónico y los tokens de restablecimiento de contraseña, para los usuarios de la API si los tipos de contenido accesibles para el usuario autenticado contienen relaciones con los usuarios de la API (from:users-permissions). • https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2022-27263
https://notcve.org/view.php?id=CVE-2022-27263
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. Una vulnerabilidad de carga de archivos arbitraria en el módulo de carga de archivos de Strapi versión v4.1.5, permite a atacantes ejecutar código arbitrario por medio de un archivo diseñado • https://github.com/strapi/strapi https://www.youtube.com/watch?v=LEeabouqRrg • CWE-434: Unrestricted Upload of File with Dangerous Type •