Strapi 3.6.10 Security Vulnerabilities
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker can forge an ID token whose header declares the 'none' signing algorithm, bypass authentication and impersonate any user who authenticates through AWS Cognito.
CVSS Score: 7.5
EPSS Score: 0.693
Published: 2023-04-19
Strapi through 4.5.5 allows attackers with access to the admin panel to discover sensitive user details by abusing the query filter: the attacker filters users on columns that hold sensitive data and infers each value from the API responses. An attacker with super admin access can use this to discover the password hash and password reset token of every user. An attacker with admin panel access to an account permitted to view the username and email of API users in a lower-privileged role (e.g., Editor or Author) can use it to discover sensitive information for all API users, but not for other admin accounts.
CVSS Score: 4.9
EPSS Score: 0.14
Published: 2023-04-19
Strapi v3.x.x and earlier contain a stored cross-site scripting vulnerability in the file upload function. By exploiting this vulnerability, arbitrary script may be executed in the browser of a user who is logged in to the product with administrative privileges.
CVSS Score: 4.8
EPSS Score: 0.005
Published: 2022-06-13
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2022-02-26
Shodan ® - All rights reserved