CVE-2022-41799

Summary

Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.

Affected Software

VendorProductVersion RangeStatus
WESEEK, Inc.GROWI v5 series and v4 seriesversions prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series)affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References