CVE-2023-34093

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jul 25, 2023
Updated: Aug 3, 2023
CWE ID 200

Summary

CVE-2023-34093 is a vulnerability affecting Strapi, an open-source headless content management system. Prior to version 4.10.8, anyone, including developers and users, could publicly expose any attribute of a Content-Type without knowledge or consent. The vulnerability lies in how Strapi handles content types, not in the attributes themselves. The issue arises when the `privateAttributes` getter is inadvertently removed, which leaves any attribute susceptible to exposure. Attackers could potentially gain access to sensitive information or take control of the entire system, resulting in a serious security risk. The vulnerability impacts users who create or modify Content-Types; version 4.10.8 was released with a patch that addresses the issue.
