5 matches found
@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bilberrry/strapi-plugin-link-finder (>=1.0.1 <=1.0.2) +118 more potentially affected by CVE-2023-22894 via @strapi/strapi (>=4.0.0-beta.0 <=4.7.2-exp.24dd7d95972fa822bf43e9b095b51027402c229e)
@strapi/strapi NPM version =4.0.0-beta.0, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =0.0.1, =1.0.5, =1.0.5, =1.0.9, =0.0.1, =0.1.0, =1.3.2, =1.7.0 - @iliad.dev/atlas-adapter =0.2.11 and more Source cves: CVE-2023-22894 Source advisory: OSV:GHSA-JJQF-J4W7-92W8...
GHSA-JJQF-J4W7-92W8 Strapi leaking sensitive user information by filtering on private fields
Summary Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. Details Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. The unauthenticated...
Strapi leaking sensitive user information by filtering on private fields
Summary Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. Details Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. The unauthenticated...
CVE-2023-22894
Strapi vulnerability CVE-2023-22894 (affecting Strapi before 4.8.0) allows unauthenticated attackers to infer sensitive user details by manipulating public collection query filters. This can reveal password hashes and password reset tokens for administrators and API users, potentially leading to ...
CVE-2023-22894
Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...