Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Vulnerability Description
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Strapi 安全漏洞
Vulnerability Description
Strapi是一套开源的内容管理系统(CMS)。 Strapi 4.19.1之前版本存在安全漏洞,该漏洞源于当超级管理员创建一个集合,其中集合中的项目与另一个集合有关联时,具有作者角色的另一个用户可以看到他们未创建的关联项目列表。
CVSS Information
N/A
Vulnerability Type
N/A