Main Vulnerability Database SB2024061244

SB2024061244 - Improper access control in strapi

Published: June 12, 2024 Updated: April 23, 2026

Security Bulletin ID SB2024061244

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2024-29181)

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in relation selection in the Admin Panel when handling association dropdowns for private collections. A remote user can create a new item and view associated items from another user's protected collection to disclose sensitive information.

User interaction is required to create or edit an item and open the association dropdown.

Remediation

Install update from vendor's website.

References

https://github.com/strapi/strapi/security/advisories/GHSA-6j89-frxc-q26m
https://github.com/advisories/GHSA-6j89-frxc-q26m