Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Strapi 安全漏洞
Vulnerability Description
Strapi是一套开源的无头内容管理系统(CMS)。 Strapi 存在安全漏洞,该漏洞源于 DOCUMENTATION 插件组件中以可恢复格式存储密码。攻击者利用此漏洞访问受害者的 HTTP 请求,获取受害者的 cookie,对受害者的 cookie 执行 base64 解码,并 获取明文密码,从而获取 API 文档以进行进一步的 API 攻击。以下产品和版本受到影响:3.6.9 之前版本和 4.1.5 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A