strapi is vulnerable to information disclosure. A remote authenticated attacker with access to the Strapi admin panel
is able to gain access to private and sensitive data, such as email and password reset tokens and compromise other users’ accounts by successfully invoking the password reset procedure.