Lucene search

GitHub_MCVELIST:CVE-2024-34065

HistoryJun 12, 2024 - 2:54 p.m.

CVE-2024-34065 @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

2024-06-1214:54:46

CWE-294

CWE-601

GitHub_M

www.cve.org

strapi

plugin

vulnerability

3rd party

token

authentication

bypass

upgrade

patch

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

26.0%

JSON

Strapi is an open-source content management system. By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch.

CNA Affected

[
  {
    "vendor": "strapi",
    "product": "strapi",
    "versions": [
      {
        "version": "< 4.24.2",
        "status": "affected"
      }
    ]
  }
]

References

github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for CVELIST:CVE-2024-34065