CVE-2023-39345
Summary
Strapi, an open-source headless CMS, did not restrict private fields on its user registration endpoint in versions prior to 4.13.1: values supplied in the registration request for fields that only the server should set were written to the new user record. A self-registering user could therefore modify their own user record beyond what the endpoint is meant to allow (a mass-assignment style flaw). The issue is fixed in version 4.13.1.
IFF Assessment
FOE
Anyone who can reach the registration endpoint can create an account and, in the same request, set fields on their own user record that are supposed to be under the server's control. This is a direct risk to the integrity of user account data.
Severity
7.6
High
Defender Context
The flaw is a reminder that a registration endpoint must treat the request body as untrusted and write only an explicit allowlist of fields; anything that controls account state or privileges has to be set by the server. Defenders should upgrade Strapi to 4.13.1 or later and check that any custom or extended registration controller does not pass the raw request body through to the user write. Registration requests carrying fields outside the expected set are worth logging as a signal of attempted abuse.
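The following is an added illustration of the pattern described in the Summary and Defender Context above. It is not Strapi's own code and does not reproduce the exact fields involved in this CVE: the schema, field names, allowlist, in-memory store and sample request are all constructed for the example. It shows a registration handler that spreads the raw request body into the record write beside a hardened handler that accepts only an allowlist and sets the privileged fields itself, plus a helper that picks out the request keys worth logging.

```javascript
// Added example, not Strapi's own code: the mass-assignment pattern behind a
// registration endpoint that does not restrict private fields, beside a
// hardened handler that accepts only an allowlist. The schema, field names,
// store and sample request are all constructed for this illustration.

// Illustrative schema in the style of a content-type definition. Attributes
// flagged `private: true` are internal state the client must never set
// (password is private on output but is the one exception on input).
const USER_ATTRIBUTES = {
  username: { type: 'string' },
  email: { type: 'email' },
  password: { type: 'password', private: true },
  confirmed: { type: 'boolean', private: true },
  blocked: { type: 'boolean', private: true },
  resetPasswordToken: { type: 'string', private: true },
  role: { type: 'relation', private: true },
};

// Fields a self-service sign-up is allowed to supply (assumed allowlist).
const REGISTRATION_FIELDS = ['username', 'email', 'password'];

// Tiny in-memory store standing in for the database.
const users = [];
function createUser(data) {
  const record = { id: users.length + 1, ...data };
  users.push(record);
  return record;
}

// Vulnerable pattern: the raw request body is spread into the create call, so
// the client's values win over the server's defaults for every field.
function registerVulnerable(body) {
  return createUser({ provider: 'local', confirmed: false, role: 'authenticated', ...body });
}

// Hardened pattern: copy only the allowlisted keys, then let the server set
// every privileged field itself.
function pickRegistrationFields(body) {
  const params = {};
  for (const key of REGISTRATION_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, key)) params[key] = body[key];
  }
  return params;
}

function registerHardened(body) {
  return createUser({
    ...pickRegistrationFields(body),
    provider: 'local',
    confirmed: false,       // flipped by the server after e-mail confirmation
    blocked: false,
    role: 'authenticated',  // default role, never taken from the request
  });
}

// Keys in the body that target schema attributes marked private and are not
// on the allowlist: exactly the ones worth logging as attempted abuse.
function privateFieldsInBody(body) {
  return Object.keys(body).filter(
    (k) =>
      Object.prototype.hasOwnProperty.call(USER_ATTRIBUTES, k) &&
      USER_ATTRIBUTES[k].private === true &&
      !REGISTRATION_FIELDS.includes(k),
  );
}

// Constructed malicious sign-up: a normal account plus attempts to
// self-confirm, self-assign a privileged role and plant a reset token.
const maliciousBody = {
  username: 'mallory',
  email: 'mallory@example.invalid',
  password: 'hunter2',
  confirmed: true,
  role: 'admin',
  resetPasswordToken: 'chosen-by-attacker',
};

console.log('vulnerable:', registerVulnerable(maliciousBody));
console.log('hardened:  ', registerHardened(maliciousBody));
console.log('private fields attempted:', privateFieldsInBody(maliciousBody));
```

Run with `node` to see the two records side by side: the vulnerable handler stores `confirmed: true`, `role: 'admin'` and the attacker-chosen reset token, while the hardened handler keeps only the three allowlisted fields and its own defaults. Silently dropping unknown keys keeps the endpoint tolerant of harmless extras; `privateFieldsInBody` is the hook for the logging suggested above.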