logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2024-29181

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-29181

Description:
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.
Last updated date:
09/26/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
09/26/2024
Reference url to background

https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy