Published: 2022/10/07  Last Updated: 2022/10/07

Information from WESEEK, Inc.

Vulnerability ID:JVN#00845253
Title:Growi vulnerable to improper access control
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

[Summary]
We have discovered that a vulnerability exists in the GROWI system provided by our company.

[Affected Products]
The affected products are as follows
Product name: GROWI
Affected version: v5.1.4
- v5 series versions prior to v5.1.4
- v4 versions prior to v4.5.25

[Description]
GROWI is vulnerable to an access restriction failure.

[Impact]
There is a risk that information on private pages could be viewed by users in the same system who do not have access privileges to the page in question.

[Solution]
- If you are using v5 series, please update to v5.1.4 or later.
- If you are using v4 series, please update to v4.5.25 or later.

[Where to get the updated version]
- [GitHub](https://github.com/weseek/growi)
- [Docker Hub](https://hub.docker.com/r/weseek/growi/)

update history

2022/10/07