I am running multiple (most of them “low-budget”) customer projects that use the latest v3 version of strapi. Most of them are not willed to pay for updating to strapi v4 or simply are out-of-budget for that.
I want to prepare for the worst-case - when the details to the “security issue” explained in v4.5.6 GitHub - strapi/strapi at v4.5.6 are released - and maybe have some “temporary quickfix” to hand.
Please note that this security vulnerability can only be exploited if the malicious actor currently has access to your admin panel.
So my question is: What is the meaning of “has access to your admin panel”?
Is the malicious actor only required to have access to the login-screen of the admin-panel? (access
/admin from the internet?)
Or does that mean the malicious actor needs to have an strapi-admin-user-account (with whatever role associated)?
Thanks in advance,