Lucene search
PRIOn knowledge basePRION:CVE-2023-36472HistorySep 15, 2023 - 7:15 p.m.
Design/Logic Flaw
2023-09-1519:15:00
PRIOn knowledge base
www.prio-n.com
10
strapi
content management system
security flaw
unauthorized access
password tokens
nvd.
Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The /content-manager/relations route does not remove private fields or ensure that they can’t be selected. This issue is fixed in version 4.11.7.
Related
cvelist
cvelist
osv
osv
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
2023-09-13 16:31:31
CVE-2023-36472
2023-09-15 19:15:08
cve
cve
CVE-2023-36472
2023-09-15 19:15:08
veracode
veracode
Information Disclosure
2023-09-15 12:29:35
github
github
nvd
nvd
CVE-2023-36472
2023-09-15 19:15:08