2 matches found
CVE-2022-41799
Improper access control vulnerability in GROWI prior to v5.1.4 v5 series and versions prior to v4.5.25 v4 series allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users...
Growi vulnerable to improper access control
Overview GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Kenta Yamamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A us...