Data Exposure Vulnerability in Strapi Open-Source CMS
CVE-2024-29181

3.5LOW

Key Information:

Vendor: Strapi
Status: Strapi
Vendor: CVE Published:; 12 June 2024

What is CVE-2024-29181?

An issue in Strapi, an open-source content management system, allows users with Author Role to access collections of items they did not create, leading to unintended data exposure. This occurs when a super admin creates a collection that links to another collection. The affected users can view all associated items instead of just their own. To mitigate this vulnerability, users are advised to upgrade the @strapi/plugin-content-manager to version 4.19.1.

References

https://github.com/strapi/strapi/security/advisories/GHSA...

https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2024

CVE-2024-29181 Data

JSON