29 results (0.005 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch. • https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc • CWE-294: Authentication Bypass by Capture-replay CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted. Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well. • https://github.com/strapi/strapi/commit/a0da7e73e1496d835fe71a2febb14f70170135c7 https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm • CWE-248: Uncaught Exception •

CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch. • https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6 https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has been patched in version 1.3.4. There are no known workarounds. • https://github.com/strapi-community/strapi-plugin-protected-populate/commit/05441066d64e09dd55937d9f089962e9ebe2fb39 https://github.com/strapi-community/strapi-plugin-protected-populate/releases/tag/v1.3.4 https://github.com/strapi-community/strapi-plugin-protected-populate/security/advisories/GHSA-6h67-934r-82g7 • CWE-863: Incorrect Authorization •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. • https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2 • CWE-287: Improper Authentication •