Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-22893: Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that uses AWS Cognito for authentication. | CVSS3: 7.5 | 66% Medium | almost 3 years ago |
| GHSA-583x-23h9-f5w7: Strapi does not verify the access or ID tokens issued during the OAuth flow | | 66% Medium | almost 3 years ago |