Unauthorized Access to Private Fields in User Registration API in strapi
CVE-2023-39345

7.6 HIGH

Key Information:

Vendor: Strapi
Status: Vendor
CVE Published: 6 November 2023

What is CVE-2023-39345?

Strapi, an open-source headless Content Management System, was affected by a vulnerability caused by inadequate restrictions on write access in the user registration endpoint. This flaw allowed malicious users to modify their own user records in ways the endpoint was never intended to permit. The issue has been fixed in version 4.13.1. Users are strongly advised to update their installations to this version, as no workarounds are available to mitigate the risk.


Affected Version(s)

strapi >= 4.0.0, < 4.13.1

References

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
