EUVD-2022-44967

Malicious code in bioql PyPI...

CVE-2022-41799

Improper access control vulnerability in GROWI prior to v5.1.4 v5 series and versions prior to v4.5.25 v4 series allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users...

CVE-2022-41799

Improper access control vulnerability in GROWI prior to v5.1.4 v5 series and versions prior to v4.5.25 v4 series allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users...

PT-2022-26078 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to 5.1.4 GROWI versions prior to 4.5.25 Description: The issue allows a remote authenticated attacker to bypass access restrictions and download markdown data from pages set to private by other users. Recommendations: For...

Growi vulnerable to improper access control

Overview GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Kenta Yamamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A us...