CVE-2023-39345

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 6, 2023

Updated: Nov 14, 2023

CWE ID 287

Summary

CVE-2023-39345 is a vulnerability affecting the open-source headless Content Management System (CMS), Strapi. Prior to version 4.13.1, Strapi did not adequately restrict write access to fields marked as private in the user registration endpoint. This flaw enables malicious users to inadvertently modify their user records. The issue has been resolved in version 4.13.1. It is recommended that users upgrade as soon as possible, as no known workarounds exist for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

strapi

Affected Vendors

Strapi

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sJYAEO
https://www.cve.org/CVERecord?id=CVE-2023-39345
https://nvd.nist.gov/vuln/detail/CVE-2023-39345

Back to Vulnerability Database