{"vulnerability": "CVE-2023-36472", "sightings": [{"uuid": "8b785725-9269-4720-935b-e82301371b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36472", "type": "seen", "source": "https://t.me/cibsecurity/70609", "content": "\u203c CVE-2023-36472 \u203c\n\nStrapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T22:25:41.000000Z"}]}