Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.7 views

CVE-2023-37263

Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...

6.8CVSS6.7AI score0.00534EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/09/15 6:57 p.m.13 views

CVE-2023-37263 Strapi's field level permissions not being respected in relationship title

Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...

6.8CVSS6.6AI score0.00534EPSS
Exploits1References2
CVE
CVE
added 2023/09/15 6:57 p.m.105 views

CVE-2023-37263

CVE-2023-37263 affects Strapi (open-source headless CMS). The issue: field-level permissions are not respected in the relationship title, causing a field the user should not see to be visible when a relation includes that field. Impact is described as information disclosure under older releases. ...

6.8CVSS5AI score0.00534EPSS
Exploits1References2Affected Software1
Circl
Circl
added 2023/09/13 3:15 p.m.5 views

CVE-2023-37263

creationtimestamp| type| source ---|---|--- 2023-09-13 15:15:38+00:00| published-proof-of-concept| https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc 2023-09-15 22:25:38+00:00| seen| https://t.me/cibsecurity/70607...

6.8CVSS6AI score0.00534EPSS
Exploits1References2
Rows per page
Query Builder