In Strapi, an open-source headless content management system (CMS), versions prior to 4.10.8 can leak private fields when the t(number) table-alias prefix is used in a Knex query. This vulnerability can lead to further filtering attacks on the admin account, potentially exposing sensitive user information such as passwords and reset tokens. The issue has been addressed in Strapi version 4.10.8.
Strapi is a popular, open-source headless CMS that allows developers to create, manage, and distribute content through RESTful APIs, GraphQL, or other platforms. However, a vulnerability has been discovered in versions prior to 4.10.8 that can lead to private field leaks.
The vulnerability lies in the way a Knex query handles the t(number) prefix. By changing the default prefix, users can manipulate the query to target other tables. For example, if a user changes the prefix to another table:
// Original query: password
// After prefix change: t1.password
In this scenario, the password field is protected by the filtering mechanisms in place. However, when the t1.password notation is used, these protections are not applied. This allows an attacker to potentially access sensitive information related to the target object, such as admin account passwords and reset tokens.
To exploit this vulnerability, an attacker can manipulate the default prefix and target specific tables that may hold sensitive information. By doing so, they can gain access to private fields that were not meant to be accessible. The attacker may then use this information to launch further attacks, including attempting to log in to an admin account using a leaked password.
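The core of the bug described above is a private-field check that compares raw filter keys against a deny-list and therefore does not recognise an alias-qualified reference such as t1.password. The following is an added illustration, not Strapi's own code: a weak check beside a hardened one that rejects a key if any dot-separated segment names a private field, run over a constructed Strapi-style filters object (the private-field list, operator names and sample filter are all assumptions).

```javascript
// Added example, not Strapi's own sanitizer. The private-field list, the
// operator names and the sample filter are constructed for illustration.
const PRIVATE_FIELDS = new Set(['password', 'resetPasswordToken']);

// Weak check: exact match on the raw key, so "t1.password" is not recognised.
function isPrivateFieldNaive(key) {
  return PRIVATE_FIELDS.has(key);
}

// Hardened check: split the key on "." and reject if any segment names a
// private field, so "t1.password" and "author.resetPasswordToken" are caught.
function isPrivateFieldHardened(key) {
  return key.split('.').some((segment) => PRIVATE_FIELDS.has(segment));
}

// Walk a filters object ($and/$or arrays, nested conditions, operator objects
// such as { $startsWith: 'a' }) and collect every key the predicate flags.
// Keys beginning with "$" are operators, not field names, and are skipped.
function findPrivateFilterKeys(filters, isPrivate, found = []) {
  if (Array.isArray(filters)) {
    filters.forEach((f) => findPrivateFilterKeys(f, isPrivate, found));
  } else if (filters && typeof filters === 'object') {
    for (const [key, value] of Object.entries(filters)) {
      if (!key.startsWith('$') && isPrivate(key)) found.push(key);
      findPrivateFilterKeys(value, isPrivate, found);
    }
  }
  return found;
}

// Constructed filter mixing a bare private field, an alias-qualified one and
// a relation path. Only the hardened predicate flags all three.
const SAMPLE_FILTER = {
  $or: [
    { password: { $startsWith: 'a' } },
    { 't1.password': { $startsWith: 'a' } },
    { 'author.resetPasswordToken': { $notNull: true } },
  ],
  email: { $contains: 'admin' },
};

console.log('naive:   ', findPrivateFilterKeys(SAMPLE_FILTER, isPrivateFieldNaive));
console.log('hardened:', findPrivateFilterKeys(SAMPLE_FILTER, isPrivateFieldHardened));
```

A request whose filters yield a non-empty list from the hardened predicate should be rejected before any query is built, rather than having the offending keys silently stripped.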
To protect yourself from this vulnerability, update Strapi to version 4.10.8 or later, which comes with a fix for the issue. Additionally, monitor your Strapi CMS instances for any suspicious activity and be sure to follow best practices for securing your Strapi instance.
- Strapi changelog
With the discovery of CVE-2023-34235, it has become clear that Strapi users should update to version 4.10.8 or later for protection against potential field leak attacks. As always, it is important to remain vigilant about your software's security and maintain regular updates to keep systems protected against new threats.
Published on: 07/25/2023 18:15:00 UTC
Last modified on: 08/02/2023 19:02:00 UTC