Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-36472: Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7. | CVSS3: 5.8 | 0% (Low) | more than 2 years ago |
| GHSA-v8gg-4mq2-88q4: Strapi may leak sensitive user information, user reset password, tokens via content-manager views | CVSS3: 5.8 | 0% (Low) | more than 2 years ago |