Loading
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.
Use CWE-276, Strapi vendor hub and Strapi product page to widen CVE-2020-27665 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2024-37818, CVE-2024-56143 and CVE-2023-39345 for nearby disclosures in the same product family.