Improper access control vulnerability in GROWI prior to...
Moderate severity
Unreviewed
Published
Oct 24, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Oct 24, 2022
Published to the GitHub Advisory Database
Oct 24, 2022
Last updated
Jan 29, 2023
Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.
References