4 matches found
CVE-2023-37263
Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...
CVE-2023-37263 Strapi's field level permissions not being respected in relationship title
Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...
CVE-2023-37263
CVE-2023-37263 affects Strapi (open-source headless CMS). The issue: field-level permissions are not respected in the relationship title, causing a field the user should not see to be visible when a relation includes that field. Impact is described as information disclosure under older releases. ...
CVE-2023-37263
creationtimestamp| type| source ---|---|--- 2023-09-13 15:15:38+00:00| published-proof-of-concept| https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc 2023-09-15 22:25:38+00:00| seen| https://t.me/cibsecurity/70607...