CVE-2023-22893 – @strapi/plugin-users-permissions

Package

Manager: npm
Name: @strapi/plugin-users-permissions
Vulnerable Version: >=3.2.1 <4.6.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.69325 pctl0.98592

Details

Strapi does not verify the access or ID tokens issued during the OAuth flow Strapi 3.2.1 until 4.6.0 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication.

Metadata

Created: 2023-04-19T18:33:22Z
Modified: 2023-04-24T18:43:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-583x-23h9-f5w7/GHSA-583x-23h9-f5w7.json
CWE IDs: []
Alternative ID: GHSA-583x-23h9-f5w7
Finding: F184
Auto approve: 1