Disclosure Date 2021/03/07

CVE-2021-20670

Improper Access Control leading to Information Leakage in GROWI

GROWI におけるアクセス制限の不備

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.2 and earlier

CWE

  • CWE-284

Description

Improper access control of files allows an unauthenticated remote attacker to read the user's personal information and/or server's internal information

Product-URLs

Back