Description

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.

INFO

Published Date :

2024-06-12T14:46:04.902Z

Last Modified :

2024-08-02T01:10:54.079Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-29181 vulnerability.

Vendors Products
Strapi
  • Strapi
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-29181.

URL Resource
https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6 cve-icon cve-icon cve-icon
https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact