How severe is CVE-2023-34093?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-34093?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2023-34093 - HIGH Severity | CVSS 7.1

Vulnerability Description

Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.

Related Vulnerabilities

CVE-2016-0089

HIGH

CVSS:7.1(High)

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Info...

CWE-2002016

CVE-2016-0090

HIGH

CVSS:7.1(High)

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information D...

CWE-2002016

CVE-2016-10339

HIGH

CVSS:7.1(High)

In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.

CWE-2002016

CVE-2016-1360

HIGH

CVSS:7.1(High)

Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging...

CWE-2002016

CVE-2016-2015

HIGH

CVSS:7.1(High)

HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.

CWE-2002016

CVE-2016-4660

HIGH

CVSS:7.1(High)

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the...

CWE-2002016