Home > Vulnerability Database > CVE-2024-29181

Mend.io Vulnerability Database

CVE-2024-29181

Good to know:

Date: June 12, 2024

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.

Language: TYPE_SCRIPT

Severity Score

2.3

Related Resources (5)

Url: https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m

Url: https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29181

Url: https://github.com/strapi/strapi

Url: https://www.mend.io/vulnerability-database/CVE-2024-29181

Severity Score

2.3

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version @strapi/plugin-content-manager - 4.19.1

Learn More

CVSS v3.1

Base Score:	2.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29181

Good to know:

Date: June 12, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?