2 matches found
CVE-2023-22894
Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...
CVE-2023-22894
Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...