3 matches found
CVE-2022-30617
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...
CVE-2022-30617
creationtimestamp| type| source ---|---|--- 2022-05-19 22:29:47+00:00| seen| https://t.me/cibsecurity/42994...
CVE-2022-30617
The CVE-2022-30617 issue affects Strapi where an authenticated admin-panel user can read private data (e.g., emails, password reset tokens) for other admin users via related content in the JSON response. This leakage occurs across relationships (e.g., content created/updated by another user) and ...