CVSS3: 5.8 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
EPSS: 0.0005 Low
Percentile: 18.1%
Strapi is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the /content-manager/relations route, which does not mask private fields. An attacker can exploit it to disclose sensitive information such as password tokens and user information.