JVN#18715935
Multiple vulnerabilities in GROWI
Overview
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities.
Products Affected
CVE-2023-42436
- GROWI versions prior to v3.4.0
- GROWI versions prior to v3.5.0
- GROWI versions prior to v4.1.3
- GROWI versions prior to v6.0.0
- GROWI versions prior to v6.0.6
- GROWI versions prior to v6.1.11
Description
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below.
- Stored cross-site scripting vulnerability in the presentation feature (CWE-79) - CVE-2023-42436
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page (CWE-79) - CVE-2023-45737
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability when processing profile images (CWE-79) - CVE-2023-45740
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Cross-site request forgery vulnerability in the User settings (/me) page (CWE-352) - CVE-2023-46699
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Base Score: 3.5 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability exploiting a behavior of the XSS Filter (CWE-79) - CVE-2023-47215
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability via the img tags (CWE-79) - CVE-2023-49119
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability in the event handlers of the pre tags (CWE-79) - CVE-2023-49598
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability in the anchor tag (CWE-79) - CVE-2023-49779
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability when processing the MathJax (CWE-79) - CVE-2023-49807
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Stored cross-site scripting vulnerability in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page (CWE-79) - CVE-2023-50175
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Cleartext storage of sensitive information vulnerability in the App Settings (/admin/app) page's Secret access key (CWE-312) - CVE-2023-50294
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score: 4.9 CVSS v2 AV:N/AC:L/Au:S/C:P/I:N/A:N Base Score: 4.0 - Improper authorization in the User Management (/admin/users) page (CWE-285) - CVE-2023-50332
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3 CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:N Base Score: 5.0 - Stored cross-site scripting vulnerability in the User Management (/admin/users) page (CWE-79) - CVE-2023-50339
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
Impact
- An arbitrary script may be executed on the web browser of the user who accessed the site using the product - CVE-2023-42436, CVE-2023-45737, CVE-2023-45740, CVE-2023-47215, CVE-2023-49119, CVE-2023-49598, CVE-2023-49779, CVE-2023-49807, CVE-2023-50175, CVE-2023-50339
- If a user views a malicious page while logged in, settings may be changed without the user's intention - CVE-2023-46699
- An attacker who can access the App Settings page may obtain the Secret access key for external service - CVE-2023-50294
- A user may delete or suspend its own account without the user's intention - CVE-2023-50332
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that contain fixes for the vulnerabilities.
CVE-2023-42436
- GROWI v3.4.0 or later
- GROWI v3.5.0 or later
- GROWI v4.1.3 or later
- GROWI v6.0.0 or later
- GROWI v6.0.6 or later
- GROWI v6.1.11 or later
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| WESEEK, Inc. | Vulnerable | 2023/12/13 | WESEEK, Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2023-42436
Kakeru Kajihara of NTT-ME System Operation Center reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-45737
Naoki Takayama of University of Tsukuba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-45740
Kanta Nishitani of GMO Cybersecurity by Ierae Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-46699
Norihide Saito reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-47215, CVE-2023-49779
Naoya Miyaguchi of Kanmu, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-49119
Naoki Takayama of University of Tsukuba, Suguru Itagaki of NTT-ME System Operation Center, and Norihide Saito of Flatt Security inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-49598
Naoya Miyaguchi of Kanmu, Inc, SHO ODAGIRI of GMO Cybersecurity by Ierae Inc., Tsubasa Fujii (@reinforchu), Eiji Mori of Flatt Security Inc., Shiga Takuma of BroadBand Security Inc., and Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-49807
Naoya Miyaguchi of Kanmu, Inc and Naoki Takayama of University of Tsukuba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-50175
Norihide Saito of Flatt Security inc., Naoya Miyaguchi of Kanmu, Inc, and Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-50294、CVE-2023-50332、CVE-2023-50339
Norihide Saito of Flatt Security inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-42436 |
|
CVE-2023-45737 |
|
|
CVE-2023-45740 |
|
|
CVE-2023-46699 |
|
|
CVE-2023-47215 |
|
|
CVE-2023-49119 |
|
|
CVE-2023-49598 |
|
|
CVE-2023-49779 |
|
|
CVE-2023-49807 |
|
|
CVE-2023-50175 |
|
|
CVE-2023-50294 |
|
|
CVE-2023-50332 |
|
|
CVE-2023-50339 |
|
| JVN iPedia |
JVNDB-2023-000123 |