Lucene search
K

5 matches found

vulnersosv
vulnersosv
added 2023/04/19 9:41 p.m.5 views

@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bilberrry/strapi-plugin-link-finder (>=1.0.1 <=1.0.2) +118 more potentially affected by CVE-2023-22894 via @strapi/strapi (>=4.0.0-beta.0 <=4.7.2-exp.24dd7d95972fa822bf43e9b095b51027402c229e)

@strapi/strapi NPM version =4.0.0-beta.0, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =0.0.1, =1.0.5, =1.0.5, =1.0.9, =0.0.1, =0.1.0, =1.3.2, =1.7.0 - @iliad.dev/atlas-adapter =0.2.11 and more Source cves: CVE-2023-22894 Source advisory: OSV:GHSA-JJQF-J4W7-92W8...

9.8CVSS6.2AI score0.01658EPSS
Exploits2
osv
osv
added 2023/04/19 9:41 p.m.35 views

GHSA-JJQF-J4W7-92W8 Strapi leaking sensitive user information by filtering on private fields

Summary Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. Details Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. The unauthenticated...

7.5CVSS5.4AI score0.01658EPSS
Exploits2References7
github
github
added 2023/04/19 9:41 p.m.60 views

Strapi leaking sensitive user information by filtering on private fields

Summary Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. Details Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. The unauthenticated...

9.8CVSS6.5AI score0.01658EPSS
Exploits2References7Affected Software1
cve
cve
added 2023/04/19 12:0 a.m.200 views

CVE-2023-22894

Strapi vulnerability CVE-2023-22894 (affecting Strapi before 4.8.0) allows unauthenticated attackers to infer sensitive user details by manipulating public collection query filters. This can reveal password hashes and password reset tokens for administrators and API users, potentially leading to ...

9.8CVSS5.2AI score0.01658EPSS
Exploits2References3Affected Software1
vulnrichment
vulnrichment
added 2023/04/19 12:0 a.m.18 views

CVE-2023-22894

Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

5AI score0.01658EPSS
Exploits2References3
Rows per page
Query Builder