Published:2022/01/21 Last Updated:2022/01/21
JVNVU#94151526
GROWI vulnerable to authorization bypass through user-controlled key
Overview
GROWI provided by WESEEK, Inc. contains an authorization bypass through user-controlled key vulnerability.
Products Affected
- GROWI v4.4.7 and earlier
Description
GROWI provided by WESEEK, Inc. contains an authorization bypass through user-controlled key vulnerability (CWE-639, CVE-2021-3852).
Impact
An unauthenticated remote attacker may bypass the authorization and delete an arbitrary user's comment.
Solution
Update the software
Update the software to the version listed below which contains the fix for this vulnerability.
- GROWI v4.4.8 and later
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| WESEEK, Inc. | Vulnerable | 2022/01/21 | WESEEK, Inc. website |
References
-
huntr – the Bug Bounty Platform for any GitHub repository
Authorization Bypass Through User-Controlled Key in weseek/growi -
VDB-190179
GROWI AUTHORIZATION
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score:
7.3
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
huntr first reported this vulnerability to JPCERT/CC, then JPCERT/CC contacted WSEEK, Inc. as an intermediator. After the coordination between huntr and WESEEK, Inc. was completed, this case was published to notify the users of the solution through JVN.