2.3 Low
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
@strapi/plugin-content-manager is vulnerable to Improper Authorization. The vulnerability is due to improper access control, allowing users with the Author Role to see items in a collection associated with another collection that they did not create.
CPE | Name | Operator | Version |
---|---|---|---|
@strapi/plugin-content-manager | le | 4.19.0 | |
@strapi/plugin-content-manager | le | 4.19.0 |
2.3 Low
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%