Lucene search

PRIOn knowledge basePRION:CVE-2023-50294

HistoryDec 26, 2023 - 8:15 a.m.

Code injection

2023-12-2608:15:00

PRIOn knowledge base

www.prio-n.com

code injection

app settings

growi v6.0.6

sensitive information

cleartext form

secret access key

external service

attacker

nvd

6.6 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.3%

JSON

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.

CPENameOperatorVersion
growilt6.0.6

CPE	Name	Operator	Version
	growi	lt	6.0.6

References

jvn.jp/en/jp/JVN18715935/

weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/