Lucene search

GoogleOSV:CVE-2022-41799

HistoryOct 24, 2022 - 2:15 p.m.

CVE-2022-41799

2022-10-2414:15:52

Google

osv.dev

improper access control

growi

remote attacker

access restriction

download vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

39.9%

JSON

Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.

References

jvn.jp/en/jp/JVN00845253/index.html

weseek.co.jp/en/news/2022/10/07/growi-private-page-can-be-viewed/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

39.9%

JSON

Related for OSV:CVE-2022-41799