3 matches found
CVE-2023-22894
Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...
CVE-2023-22894
Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...
Information Disclosure
log4js is vulnerable to information disclosure. Log files with sensitive user details are vulnerable when users have not supplied their own permissions for the said files via the mode parameter in the config allowing attackers to gain access to the sensitive information from log files...