CVE-2024-29181

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-639
View all →

Vulnerability Description

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch.

Related Vulnerabilities

CVE-2023-44154

LOW
CVSS:3.5(Low)

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

CWE-6392023

CVE-2023-44205

LOW
CVSS:3.5(Low)

Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

CWE-6392023

CVE-2024-52507

LOW
CVSS:3.5(Low)

Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited...

CWE-6392024

CVE-2024-9097

LOW
CVSS:3.5(Low)

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.

CWE-6392024

CVE-2019-9219

LOW
CVSS:3.7(Low)

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).

CWE-6392019

CVE-2023-38872

LOW
CVSS:3.7(Low)

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of ...

CWE-6392023