Information from WESEEK, Inc.
Vulnerability ID:JVN#00845253
Title:Growi vulnerable to improper access control
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
[Summary]
We have discovered that a vulnerability exists in the GROWI system provided by our company.
[Affected Products]
The affected products are as follows
Product name: GROWI
Affected version: v5.1.4
- v5 series versions prior to v5.1.4
- v4 versions prior to v4.5.25
[Description]
GROWI is vulnerable to an access restriction failure.
[Impact]
There is a risk that information on private pages could be viewed by users in the same system who do not have access privileges to the page in question.
[Solution]
- If you are using v5 series, please update to v5.1.4 or later.
- If you are using v4 series, please update to v4.5.25 or later.
[Where to get the updated version]
- [GitHub](https://github.com/weseek/growi)
- [Docker Hub](https://hub.docker.com/r/weseek/growi/)
