Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-85vg-grr5-pw42: Insecure password handling vulnerability in Strapi

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request. From this, the attacker can get the victim’s cookie, base64 decode it, and obtain a cleartext password, leading to getting API documentation for further API attacks.

ghsa
#vulnerability#git

Insecure password handling vulnerability in Strapi

High severity GitHub Reviewed Published May 4, 2022 • Updated May 18, 2022

ghsa: Latest News

GHSA-cmwp-442x-3rcv: Piranha CMS Cross-site Scripting vulnerability