CVE-2023-22893

HIGH EXPLOITED NUCLEI

Strapi < 4.6.0 - Authentication Bypass

Title source: rule

Description

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that use AWS Cognito for authentication.

Nuclei Templates (1)

Strapi Versions <=4.5.6 - Authentication Bypass

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

FOFA: app="strapi-Headless-CMS"

References (3)

[Release Notes] https://github.com/strapi/strapi/releases

[Exploit, Vendor Advisory] https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve

[Exploit, Third Party Advisory] https://www.ghostccamm.com/blog/multi_strapi_vulns/

Scores

CVSS v3 7.5

EPSS 0.7729

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2025-06-23

CWE

CWE-287

Status published

Products (2)

strapi/plugin-users-permissions 3.2.1 - 4.6.0npm

strapi/strapi 3.0.0 - 4.6.0

Published Apr 19, 2023

Tracked Since Feb 18, 2026