Disclosure Date 2021/03/07

CVE-2021-20670

Improper Access Control leading to Information Leakage in GROWI

GROWIのアクセス制限の不備

Credit

stypr (@stereotype32)

Affected-Versions

  • 4.2.2 and earlier

CWE

CWE-284

Description

Improper access control of files allows an unauthenticated remote attacker to read the user's personal information and/or server's internal information

Product-URLs

https://growi.org/

Back