Authentication Bypass Using an Alternate Path or Channel
CVE-2023-22893
Summary
strapi-plugin-users-permissions in versions 3.2.1 through 3.6.11 and @strapi/plugin-users-permissions in versions 4.0.0 through 4.6.0-beta.2 do not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that uses AWS Cognito for authentication.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-288 - Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.