Vulnerability Information
Vulnerability Title
Strapi's field level permissions not being respected in relationship title
Vulnerability Description
Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
Strapi information disclosure vulnerability
Vulnerability Description
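Strapi is an open-source content management system (CMS). Strapi 4.12.0 and earlier versions contain an information disclosure vulnerability, which stems from RBAC fields leaking administrator user information.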
CVSS Information
N/A
Vulnerability Type
N/A