Lucene search
@huntrdevCVELIST:CVE-2021-3852HistoryJan 12, 2022 - 10:15 a.m.
CVE-2021-3852 Authorization Bypass Through User-Controlled Key in weseek/growi
2022-01-1210:15:11
CWE-639
@huntrdev
www.cve.org
4
vulnerability
weseek
growi
authorization bypass
user-controlled key
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
39.3%
growi is vulnerable to Authorization Bypass Through User-Controlled Key
CNA Affected
[
{
"product": "weseek/growi",
"vendor": "weseek",
"versions": [
{
"lessThan": "4.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Authorization
2022-01-12 11:15:00
nvd
nvd
CVE-2021-3852
2022-01-12 11:15:08
cve
cve
CVE-2021-3852
2022-01-12 11:15:08
osv
osv
CVE-2021-3852
2022-01-12 11:15:08
huntr
huntr
in weseek/growi
2021-09-08 23:41:11
veracode
veracode
Privilege Escalation
2022-01-13 17:24:06
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
39.3%
Related for CVELIST:CVE-2021-3852