Description
Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token signed with the 'None' algorithm type to bypass authentication and impersonate any user that uses AWS Cognito for authentication.
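The check whose absence is described above, as an added example (not Strapi's code or its patch): an ID token is accepted only if its algorithm is on an allow-list, its signature verifies against the provider's public key, and its issuer, audience and expiry match. It assumes an RS256-signing provider; the key pair, issuer, client ID and helper names are constructed placeholders.

```javascript
// Added example: strict ID-token check for an RS256 issuer such as Cognito.
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const parsePart = (p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));

// Constructed stand-in for the user pool's signing key (normally fetched from its JWKS).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EXPECTED = { iss: 'https://idp.example.test/pool-placeholder', aud: 'client-id-placeholder' };

// Helper used only to build the constructed sample tokens below.
function makeToken(header, claims, key) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = key ? nodeCrypto.sign('sha256', Buffer.from(input), key).toString('base64url') : '';
  return `${input}.${sig}`;
}

// Returns the claims only if algorithm, signature, issuer, audience and expiry all check out.
function verifyIdToken(token, key, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = parsePart(h);
  // Allow-list the algorithm; the token's own header must never select "none".
  if (header.alg !== 'RS256') throw new Error(`algorithm not allowed: ${header.alg}`);
  const ok = s.length > 0 &&
    nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = parsePart(p);
  if (claims.iss !== expected.iss || claims.aud !== expected.aud) throw new Error('wrong issuer or audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Demo wrapper: returns 'accepted' or the rejection reason.
function check(token) {
  try { verifyIdToken(token, publicKey, EXPECTED); return 'accepted'; }
  catch (e) { return e.message; }
}

const claims = { ...EXPECTED, sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 300 };
const signed = makeToken({ alg: 'RS256', typ: 'JWT' }, claims, privateKey);
const unsigned = makeToken({ alg: 'none', typ: 'JWT' }, claims, null); // constructed, no signature
const otherKey = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey;
const wrongKey = makeToken({ alg: 'RS256', typ: 'JWT' }, claims, otherKey);

console.log(check(signed), '|', check(unsigned), '|', check(wrongKey));
```

Code that only base64-decodes the payload and trusts its claims would accept all three sample tokens; the verifier accepts only the first.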
Remediation
References
https://www.ghostccamm.com/blog/multi_strapi_vulns/
https://github.com/strapi/strapi/releases
https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve