Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:10 a.m.7 views

CVE-2023-39345

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users...

7.6CVSS6.6AI score0.00496EPSS
Exploits1
CVE
CVE
added 2023/11/06 6:26 p.m.69 views

CVE-2023-39345

CVE-2023-39345 affects the Strapi open‑source CMS. According to the sources, versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint, allowing a malicious user to modify their own records. The issue is addressed in version 4.13...

7.6CVSS7.3AI score0.00496EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/06 6:26 p.m.12 views

CVE-2023-39345 Unauthorized Access to Private Fields in User Registration API in strapi

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users...

7.6CVSS7.4AI score0.00496EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2023/11/03 7:1 p.m.4 views

@mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.2 <=1.0.0-alpha.3), sneakmax (=0.1.0) +3 more potentially affected by CVE-2023-39345 via @strapi/plugin-users-permissions (>=4.0.2 <=4.11.2)

@strapi/plugin-users-permissions NPM version =4.0.2, =1.0.0-alpha.2, =1.0.0-alpha.3 - sneakmax =0.1.0 - sneakmaxtesttemplate =0.1.0 - sneakmaxtesttemplatev2 =0.1.0 - sveltekit-strapi =0.1.0 Source cves: CVE-2023-39345 Source advisory: OSV:GHSA-GC7P-J5XM-XXH2...

7.6CVSS7.1AI score0.00496EPSS
Exploits1
Rows per page
Query Builder