3 matches found
CVE-2022-30618
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...
@jayway/tds (=0.0.1), @koj/strapi (>=0.0.0 <=1.4.3) +17 more potentially affected by CVE-2022-30618 via strapi (>=3.0.0 <=3.6.8)
strapi NPM version =3.0.0, =0.0.0, =0.0.1, =1.1.0, =1.0.0, =3.6.1-0.1, =0.1.3, =3.0.0, =3.1.5 and more Source cves: CVE-2022-30618 Source advisory: OSV:GHSA-VGJ7-895J-GPR6...
CVE-2022-30618
The CVE-2022-30618 entry describes a vulnerability in Strapi where an authenticated user with access to the Strapi admin panel can view private data (e.g., email, password reset tokens) of API users when content types have relationships to API users (from: users-permissions). The leak occurs in J...