Source |
CSO |
Identifier |
4706710 |
Publication date |
2022-05-19 05:47:00 (seen: 2022-05-19 13:05:06) |
Title |
Two account compromise flaws fixed in Strapi headless CMS |
Text |
Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher-privileged account, such as the administrator. This means attackers need to gain access to a low-privileged account first, and this can be achieved via compromised credentials, phishing or other methods. |
Sent |
Yes |
Tags |
Guideline
|
Stories |
|
Notes |
|