Growi@4.2.2 Security Vulnerabilities and Issues — Growi@4.2.2 CVE List

Lucene search

WeseekGrowi4.2.2

5 matches found

CVE•added 2021/03/10 10:15 a.m.•35 views

CVE-2021-20668

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.

4CVSS3.9AI score0.00283EPSS

CVE•added 2021/03/10 10:15 a.m.•33 views

CVE-2021-20670

Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors.

7.5CVSS7.2AI score0.01041EPSS

CVE•added 2021/03/10 10:15 a.m.•32 views

CVE-2021-20671

Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution.

7.2CVSS7.3AI score0.02211EPSS

CVE•added 2021/03/10 10:15 a.m.•31 views

CVE-2021-20667

Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.

5.4CVSS4.9AI score0.00209EPSS

CVE•added 2021/03/10 10:15 a.m.•30 views

CVE-2021-20669

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.

6.5CVSS4.6AI score0.0026EPSS