| purl | pkg:npm/%40strapi/plugin-users-permissions@4.6.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1nkk-pvsd-x7dn | Improper Authentication Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that uses AWS Cognito for authentication. | CVE-2023-22893, GHSA-583x-23h9-f5w7 |
| VCID-crp3-d3de-6uhk | Authentication Bypass in @strapi/plugin-users-permissions Strapi through 4.5.6 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | GHSA-xv3q-jrmm-4fxv, GMS-2023-1157 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T17:15:27.076092+00:00 | GithubOSV Importer | Fixing | VCID-1nkk-pvsd-x7dn | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-583x-23h9-f5w7/GHSA-583x-23h9-f5w7.json | 38.6.0 |
| 2026-06-04T17:15:26.337953+00:00 | GithubOSV Importer | Fixing | VCID-crp3-d3de-6uhk | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-xv3q-jrmm-4fxv/GHSA-xv3q-jrmm-4fxv.json | 38.6.0 |
| 2026-06-02T04:44:35.129572+00:00 | GitLab Importer | Fixing | VCID-1nkk-pvsd-x7dn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@strapi/plugin-users-permissions/CVE-2023-22893.yml | 38.6.0 |
| 2026-06-02T04:44:34.680823+00:00 | GitLab Importer | Fixing | VCID-crp3-d3de-6uhk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@strapi/plugin-users-permissions/GMS-2023-1157.yml | 38.6.0 |