Published: 2022/01/21  Last Updated: 2022/01/21

Information from WESEEK, Inc.

Vulnerability ID:JVNVU#94151526
Title:GROWI vulnerable to authorization bypass through user-controlled key

This is a statement from the vendor itself with no modification by JPCERT/CC.

GROWI is developed by WESEEK, Inc.
GROWI releases prior to v3.2.3 contain a bug that causes risks of authentication bypass.

[Affected Products]
This bug affects GROWI releases prior to v4.4.8

GROWI releases prior to v4.4.8 contain bugs of authentication bypass.

An attacker can bypass authentication and delete any other users' comments.

Please upgrade your GROWI to v4.4.8 or later.

Where to get the updated version

[Docker Hub](