Lucene search
GoogleOSV:CVE-2021-28128HistoryMay 06, 2021 - 2:15 p.m.
CVE-2021-28128
2021-05-0614:15:08
Google
osv.dev
8
In Strapi through 3.6.0, the admin panel allows the changing of one’s own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password.
| CPE | Name | Operator | Version |
|---|---|---|---|
| strapi | eq | 3.5.1 | |
| strapi | eq | 3.4.2 | |
| strapi | eq | 3.0.0-alpha.8 | |
| strapi | eq | 3.0.0-alpha.23 | |
| strapi | eq | 3.0.0-beta.18.4 | |
| strapi | eq | 3.0.0-beta.16.6 | |
| strapi | eq | 3.0.0-beta.18.7 | |
| strapi | eq | 3.2.3 | |
| strapi | eq | 1.0.0 | |
| strapi | eq | 3.0.0-alpha.4 |
Related
cvelist
cvelist
CVE-2021-28128
2021-05-06 13:49:30
nvd
nvd
CVE-2021-28128
2021-05-06 14:15:08
github
github
Weak Password Recovery Mechanism for Forgotten Password in Strapi
2021-10-06 17:48:16
prion
prion
Default credentials
2021-05-06 14:15:00
cve
cve
CVE-2021-28128
2021-05-06 14:15:08
osv
osv
Weak Password Recovery Mechanism for Forgotten Password in Strapi
2021-10-06 17:48:16