CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users’ accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users.

CVSS v3 7.5 HIGH
CVSS v2.0 6.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:strapi:strapi::::::::
	cpe:2.3:a:strapi:strapi::::::::

History

06 Jun 2022, 17:29

Type	Values Removed	Values Added
First Time		Strapi Strapi strapi
References	~~(MISC) https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi -~~	(MISC) https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi - Third Party Advisory
CWE		CWE-212
CPE		cpe:2.3:a:strapi:strapi::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.0 v3 : 7.5

19 May 2022, 18:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-19 18:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-30618

Mitre link : CVE-2022-30618

CVE.ORG link : CVE-2022-30618

JSON object : View

Products Affected

strapi

strapi

CWE

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

{"id": "CVE-2022-30618", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2022-05-19T18:15:09.637", "references": [{"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-strapi", "tags": ["Third Party Advisory"], "source": "disclosure@synopsys.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-212"}]}, {"type": "Secondary", "source": "disclosure@synopsys.com", "description": [{"lang": "en", "value": "CWE-212"}]}], "descriptions": [{"lang": "en", "value": "An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users\u2019 accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users."}, {"lang": "es", "value": "Un usuario autenticado con acceso al panel de administraci\u00f3n de Strapi puede visualizar datos privados y confidenciales, como el correo electr\u00f3nico y los tokens de restablecimiento de contrase\u00f1a, para los usuarios de la API si los tipos de contenido accesibles para el usuario autenticado contienen relaciones con los usuarios de la API (from:users-permissions). Se presentan muchos escenarios en los que estos detalles de los usuarios de la API pueden filtrarse en la respuesta JSON dentro del panel de administraci\u00f3n, ya sea mediante una relaci\u00f3n directa o indirecta. El acceso a esta informaci\u00f3n permite a un usuario comprometer las cuentas de estos usuarios si los endpoints de la API de restablecimiento de contrase\u00f1a han sido habilitados. En el peor de los casos, un usuario con pocos privilegios podr\u00eda acceder a una cuenta de la API con altos privilegios, y podr\u00eda leer y modificar cualquier dato, as\u00ed como bloquear el acceso tanto al panel de administraci\u00f3n como a la API al revocar los privilegios de todos los dem\u00e1s usuarios"}], "lastModified": "2022-06-06T17:29:31.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02E592C9-FFDC-4DB5-BF02-205DB10A18A9", "versionEndExcluding": "3.6.10", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AED7B5F2-334A-4940-81DE-9F35D21AD01A", "versionEndExcluding": "4.1.10", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@synopsys.com"}