Authentication Bypass Using an Alternate Path or Channel

CVE-2023-22893

Severity High
Score 7.5/10

Summary

strapi-plugin-users-permissions in versions 3.2.1 through 3.6.11 and @strapi/plugin-users-permissions in versions 4.0.0 through 4.6.0-beta.2 do not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that uses AWS Cognito for authentication.
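The difference between decoding an ID token and verifying it, as an added example (not Strapi's code or its patch). The function names, the issuer and audience values, and the throwaway key pair standing in for the provider's published signing key are all assumptions made for illustration.

```javascript
// Added example: decode-only handling of an ID token versus pinned-algorithm verification.
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const parsePart = (p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));

// Pattern the advisory describes: claims are read, the signature is never checked.
function decodeOnly(token) {
  return parsePart(token.split('.')[1]);
}

// Hardened pattern: pin the algorithm, verify the signature, then check the claims.
function verifyIdToken(token, publicKey, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const alg = parsePart(h).alg;
  if (alg !== 'RS256') throw new Error('unexpected alg: ' + alg);
  const ok = nodeCrypto.verify('sha256', Buffer.from(h + '.' + p), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = parsePart(p);
  if (claims.iss !== expected.iss || claims.aud !== expected.aud) throw new Error('wrong iss/aud');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) throw new Error('expired');
  return claims;
}

// Constructed sample data: hypothetical issuer, audience and user; locally generated key pair.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const expected = { iss: 'https://idp.example.invalid/pool', aud: 'example-client-id' };
const sampleClaims = { ...expected, email: 'user@example.invalid', exp: Math.floor(Date.now() / 1000) + 300 };

function makeToken(header, payload, key) {
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  const sig = key ? nodeCrypto.sign('sha256', Buffer.from(input), key).toString('base64url') : '';
  return input + '.' + sig;
}

const signedToken = makeToken({ alg: 'RS256', typ: 'JWT' }, sampleClaims, privateKey);
const unsignedToken = makeToken({ alg: 'none', typ: 'JWT' }, sampleClaims, null);

// Returns null when the token verifies, otherwise the reason it was rejected.
function rejected(token) {
  try { verifyIdToken(token, publicKey, expected); return null; } catch (e) { return e.message; }
}
```

`decodeOnly` returns the claims of the unsigned token unchanged, while `verifyIdToken` rejects it before any claim is read.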

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Advisory Timeline

  • Published