5.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-36472

CVE-2023-36472: Strapi may leak sensitive user information, user reset password, tokens via content-manager views

Summary

I can get access to user reset password tokens if I have the configure view permissions b37a6fd9eae06027e7d91266f1908a3d 6c1da5b3bfbb3bca97c8d064be0ecb05

Details

/content-manager/relations route does not remove private fields or ensure that they can't be selected

PoC

Install fresh strapi instance start up strapi and create an account create a new content-type give the content-type a relation with admin users and save go to Admin panel roles Author and then plugins. Enable for content-manager collection types the configure view In the collection time now only give them access to the collection you created for this. Create a new admin user account with the Author role Log out and request a password reset for the main admin user. Login on the newly created account go to the collection type you created for this test and click the create new entry button, click in the create new entry view on configure view. select the admin user relation we created click on resetPasswordToken Now go back to the create an entry view and when selection the relation we created we now see the reset tokken

Impact

Impact is that the none admin user now has the reset token of the admin users account and can resets its password using that to escalate his privilege's

Still you need the configure view permission to be able to escalate your privilege's

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-36472

CVE-2023-36472:

5.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@strapi/plugin-content-manager	npm	< 4.11.7	4.11.7
@strapi/admin	npm	< 4.11.7	4.11.7
@strapi/utils	npm	< 4.11.7	4.11.7

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key failures: 1) The relations controller endpoint (findRelations) allows selection of sensitive fields through the UI's configure view feature without proper authorization checks. 2) The output sanitization process (sanitizeOutput) doesn't adequately remove private fields from admin user relations. This matches the described attack pattern where users with configure permissions can expose resetPasswordToken through relation selection. The functions are inferred from Strapi's architecture where content-manager handles relations and entity management handles output sanitization, with the CVE description specifically implicating the relations route and field selection mechanisms.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-36472: Strapi may leak sensitive user information, user reset password, tokens via content-manager views

Summary

Details

PoC

Impact

CVE-2023-36472:

5.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2023-36472: Strapi may leak sensitive user information, user reset password, tokens via content-manager views

Summary

Details

PoC

Impact

5.8

5.8

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI