CVE-2024-29181

LOW EPSS 30.3%
Published Jun 12, 20242y ago · Modified Jun 17, 20261w ago
3.5 CVSS 3.1
Low
Find Similar
Published Jun 12, 2024 2y ago
Last Modified Jun 17, 2026 1w ago

Description

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.

CVSS Details

Base Score
3.5
Exploitability
2.1
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
30.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-639

Affected Products 1

VendorProductVersionRange
strapistrapi* <4.19.1

References 2

  • github.com https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6
    Patch
  • github.com https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6
    Patch