6.5

CVE-2022-41799

Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.
Data provided by the National Vulnerability Database (NVD)
Weseek Growi Version >= 4.0.0 < 4.5.25
Weseek Growi Version >= 5.0.0 < 5.1.4
No warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.512 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
No CWE information has been published yet.
https://jvn.jp/en/jp/JVN00845253/index.html
Third Party Advisory
https://weseek.co.jp/en/news/2022/10/07/growi-private-page-can-be-viewed/
Vendor Advisory
Product