Information Disclosure

2023-09-1512:29:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

strapi

vulnerability

sensitive information

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

Strapi is vulnerable to Sensitive Information Disclosure. This vulnerability is due to the /content-manager/relations route which does not mask private fields. An attacker can exploit this vulnerability to disclose sensitive information such as password tokens, user information etc.

CPENameOperatorVersion
@strapi/utilsle4.11.6
@strapi/adminle4.11.6
@strapi/plugin-content-managerle4.11.6
@strapi/utilsle4.11.6
@strapi/adminle4.11.6
@strapi/plugin-content-managerle4.11.6

Name	Operator	Version
@strapi/utils	le	4.11.6
@strapi/admin	le	4.11.6
@strapi/plugin-content-manager	le	4.11.6
@strapi/utils	le	4.11.6
@strapi/admin	le	4.11.6
@strapi/plugin-content-manager	le	4.11.6