3 matches found
CVE-2021-28128
In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...
CVE-2021-28128
creationtimestamp| type| source ---|---|--- 2021-05-07 17:47:24+00:00| published-proof-of-concept| Telegram/4zb6JUU4YAhTzD-QT0NTZ3JpYz60IsmyTMoni0cq8sY2uAU...
CVE-2021-28128
Strapi up to version 3.6.0 contains an auth weakness in the admin panel: a user can change their own password without entering the current one. If an attacker gains any valid session, they can take over the account by changing the password. This aligns with the CVSS3.1/8.1 (HIGH) impact noted in ...