Lucene search
K

4 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/06/23 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-22893

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that...

8.2CVSS5.8AI score0.04158EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2023/04/19 6:33 p.m.5 views

@chargeover/strapi (=0.0.1-rc1.1), @cowprotocol/cms (=0.1.0-rc.5) +27 more potentially affected by CVE-2023-22893 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.5.1)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =2.1.0, =1.0.0, =0.1.1, =0.0.1, =0.1.0, =1.0.10, =4.3.15 - robsen-strapi-site =0.1.0 - sneakmax =0.1.0 and more Source cves: CVE-2023-22893 Source advisory: OSV:GHSA-583X-23H9-F5W7...

8.2CVSS7.1AI score0.04158EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/04/19 12:0 a.m.10 views

CVE-2023-22893

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that...

7.7AI score0.04158EPSS
Exploits1References3
CVE
CVE
added 2023/04/19 12:0 a.m.152 views

CVE-2023-22893

Affected software : Strapi (open-source CMS) prior to 4.5.6. Vulnerability : Strapi versions up to 4.5.5/4.5.6-era did not verify access or ID tokens during the OAuth flow when using the AWS Cognito login provider, allowing a remote attacker to forge a token and bypass authentication. Root cause ...

8.2CVSS7.7AI score0.04158EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder