CVE-2023-22893 is an authentication bypass in strapi when using the AWS cognito provider.
$ docker build -t strapi:vuln -f vulnerable.Dockerfile .
$ docker create --name strapi -p 127.0.0.1:1337:1337 strapi:vuln
$ docker start strapi
$ docker build -t strapi:novuln -f non-vulnerable.Dockerfile .
$ docker create --name strapi -p 127.0.0.1:1337:1337 strapi:novuln
$ docker start strapi
Both images requires post-installation setup:
- You will need to create an admin account (app running on TCP port 1337)
- The AWS cognito provider must be enabled:
- Administration panel > Settings > User & Permissions plugin > Providers
- Edit button
- Set enable to TRUE
- Set random values for Client ID, Client Secret and Host URI
- If setting up the non-vulnerable instance, don't forget to set a JWKS URL
that is different from
http:https://127.0.0.1:1337/tsunami/
From this point on, the instance should be ready.