4 matches found
CVE-2025-64753
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
CVE-2025-64753
CVE-2025-64753 Summary : Grist-core versions prior to 1.7.7 expose the full version history and change details to users with partial read access via the /compare endpoint. Root cause: insufficient access control on document/version comparisons. Impact: disclosure of changes that may include data ...
EUVD-2025-177187
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
PT-2025-46917
Name of the Vulnerable Software and Affected Versions grist-core versions prior to 1.7.7 Description grist-core is a spreadsheet hosting server. A user with limited read access to a document could access endpoints that reveal hashes for different versions of the document and obtain a complete lis...