Strapi Security Vulnerabilities and Issues — Strapi CVE List

Lucene search

StrapiStrapi

3 matches found

CVE•added 2022/05/03 6:15 p.m.•1332 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to gett...

7.5CVSS7.3AI score0.03089EPSS

CVE•added 2022/05/19 6:15 p.m.•534 views

CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For example, a low-privile...

9CVSS8.5AI score0.00381EPSS

CVE•added 2022/05/19 6:15 p.m.•517 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in whic...

7.5CVSS7.5AI score0.00312EPSS