Description
Strapi's AWS Cognito login provider is vulnerable to an authentication bypass because it does not verify the signature of the JWT it receives from the identity provider. This allows unauthenticated users to compromise the system.
Remediation
Upgrade to the latest version of Strapi
References
Security Disclosure of Vulnerabilities: CVE-2023-22893, CVE-2023-22621, and CVE-2023-22894
Multiple Critical Vulnerabilities in Strapi Versions <=4.7.1
Related Vulnerabilities
WordPress Plugin Warranties and Returns for WooCommerce Security Bypass (5.2.1)
WordPress Plugin Best Image Gallery & Responsive Photo Gallery-FooGallery Security Bypass (1.6.15)
WordPress Plugin Profile Builder-User Profile & User Registration Forms Security Bypass (1.1.59)