How severe is CVE-2023-22894?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2023-22894?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2023-22894

MEDIUM Year: 2023

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-312

View all →

Vulnerability Description

Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts.

CVE-2019-18615

MEDIUM

CVSS:4.9(Medium)

In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user passwor...

CWE-3122019

CVE-2020-11415

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in clea...

CWE-3122020

CVE-2021-20162

MEDIUM

CVSS:4.9(Medium)

Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains t...

CWE-3122021

CVE-2021-22206

MEDIUM

CVSS:4.9(Medium)

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,

CWE-3122021

CVE-2021-27233

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is ...

CWE-3122021

CVE-2021-33325

MEDIUM

CVSS:4.9(Medium)

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the...

CWE-3122021

CVE-2023-22894

Vulnerability Description

Related Vulnerabilities

CVE-2019-18615

CVE-2020-11415

CVE-2021-20162

CVE-2021-22206

CVE-2021-27233

CVE-2021-33325