Vulnerability Description
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strapi | Strapi | < 4.19.1 |
Related Weaknesses (CWE)
References
- https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6Patch
- https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26mExploitVendor Advisory
- https://github.com/strapi/strapi/commit/e1dfd4d9f1cab25cf6da3614c1975e4e508e01c6Patch
- https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26mExploitVendor Advisory
FAQ
What is CVE-2024-29181?
CVE-2024-29181 is a vulnerability with a CVSS score of 2.3 (LOW). Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this h...
How severe is CVE-2024-29181?
CVE-2024-29181 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-29181?
Check the references section above for vendor advisories and patch information. Affected products include: Strapi Strapi.