CVE-2024-34065

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-34065
Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc
Configurations

No configuration.

History

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Strapi es un sistema de gestión de contenidos de código abierto. Al combinar dos vulnerabilidades (un `Open Redirect` y un `token de sesión enviado como parámetro de consulta de URL`) en @strapi/plugin-users-permissions antes de la versión 4.24.2, es posible que un atacante no autenticado evite los mecanismos de autenticación y recupere the 3rd party tokens. El ataque requiere la interacción del usuario (un clic). Los atacantes no autenticados pueden aprovechar dos vulnerabilidades para obtener un token de terceros y evitar la autenticación de las aplicaciones Strapi. Los usuarios deben actualizar @strapi/plugin-users-permissions a la versión 4.24.2 para recibir un parche.

12 Jun 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-12 15:15

Updated : 2024-06-13 18:36

NVD link : CVE-2024-34065

Mitre link : CVE-2024-34065

CVE.ORG link : CVE-2024-34065

JSON object : View

Products Affected

No product.

CWE
CWE-294

Authentication Bypass by Capture-replay

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')