4 matches found
CVE-2025-64753
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...
CVE-2025-64753
CVE-2025-64753 Summary : Grist-core versions prior to 1.7.7 expose the full version history and change details to users with partial read access via the /compare endpoint. Root cause: insufficient access control on document/version comparisons. Impact: disclosure of changes that may include data ...
CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...