Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request. From this, the attacker can get the victim’s cookie, base64 decode it, and obtain a cleartext password, leading to getting API documentation for further API attacks.
CPE | Name | Operator | Version |
---|---|---|---|
@strapi/strapi | lt | 4.1.5 | |
strapi | lt | 3.6.9 | |
@strapi/strapi | ge | 4.0.0 |