CVE-2024-34065

2024-06-1215:15:51

CWE-294

CWE-601

[email protected]

web.nvd.nist.gov

strapi

content management system

open redirect

session token

authentication bypass

unauthenticated attacker

user interaction

third party token

upgrade

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch.

Affected configurations

Vulners

Node

strapistrapiRange<4.24.2

CNA Affected

[
  {
    "vendor": "strapi",
    "product": "strapi",
    "versions": [
      {
        "version": "< 4.24.2",
        "status": "affected"
      }
    ]
  }
]