CVE-2021-20670

Improper Access Control leading to Information Leakage in GROWI (GROWI におけるアクセス制限の不備)

Improper access control of files allows an unauthenticated remote attacker to read the user's personal information and/or server's internal information

Disclosure Date

2021/03/07

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.2 and earlier

CWE

CWE-284

Product-URLs

https://growi.org/

Reference

https://jvn.jp/en/vu/JVNVU94889258/index.html
https://nvd.nist.gov/vuln/detail/CVE-2021-20670
https://weseek.co.jp/security/2021/03/08/vulnerability/growi-prevent-multiple-xss/

Back

Improper Access Control leading to Information Leakage in GROWI (GROWI におけるアクセス制限の不備)

Disclosure Date

Credit

Affected-Versions

CWE

Product-URLs

Reference

会社情報

サービス紹介

お問い合わせ