Lucene search
GoogleOSV:GHSA-85VG-GRR5-PW42HistoryMay 04, 2022 - 12:00 a.m.
Insecure password handling vulnerability in Strapi
2022-05-0400:00:22
Google
osv.dev
11
0.008 Low
EPSS
Percentile
81.4%
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request. From this, the attacker can get the victim’s cookie, base64 decode it, and obtain a cleartext password, leading to getting API documentation for further API attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @strapi/strapi | lt | 4.1.5 | |
| strapi | lt | 3.6.9 | |
| @strapi/strapi | ge | 4.0.0 |
Related
zdt
zdt
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
2022-05-03 00:00:00
osv
osv
CVE-2021-46440
2022-05-03 18:15:08
packetstorm
packetstorm
Strapi 3.6.8 Password Disclosure / Insecure Handling
2022-05-02 00:00:00
cve
cve
CVE-2021-46440
2022-05-03 18:15:08
prion
prion
Format string
2022-05-03 18:15:00
cvelist
cvelist
CVE-2021-46440
2022-05-03 17:03:51
nvd
nvd
CVE-2021-46440
2022-05-03 18:15:08
github
github
Insecure password handling vulnerability in Strapi
2022-05-04 00:00:22