CVE-2023-22893 is an authentication bypass in strapi when using the AWS cognito provider.

$ docker build -t strapi:vuln -f vulnerable.Dockerfile .
$ docker create --name strapi -p 127.0.0.1:1337:1337 strapi:vuln
$ docker start strapi

$ docker build -t strapi:novuln -f non-vulnerable.Dockerfile .
$ docker create --name strapi -p 127.0.0.1:1337:1337 strapi:novuln
$ docker start strapi

Both images requires post-installation setup:

• You will need to create an admin account (app running on TCP port 1337)
• The AWS cognito provider must be enabled:
  • Administration panel > Settings > User & Permissions plugin > Providers
  • Edit button
  • Set enable to TRUE
  • Set random values for Client ID, Client Secret and Host URI
  • If setting up the non-vulnerable instance, don't forget to set a JWKS URL that is different from http:https://127.0.0.1:1337/tsunami/

From this point on, the instance should be ready.