Information from WESEEK, Inc.
Vulnerability ID:JVNVU#96438711
Title:Growi vulnerable to weak password requirements
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
[Summary]
GROWI is developed by WESEEK, Inc.
GROWI releases prior to v5.0.0 contain a vulnerability that causes risks of bruteforce attacks.
[Affected Products]
This vulnerability affects GROWI releases prior to v5.0.0
[Description]
GROWI releases prior to v5.0.0 contain a vulnerability of bruteforce attacks.
[Impact]
An attacker can bypass authentication and access the system with bruteforce attacs.
[Solution]
Please upgrade your GROWI to v5.0.0 or later.
### Where to get the updated version
- [GitHub](https://github.com/weseek/growi)
- [Docker Hub](https://hub.docker.com/r/weseek/growi/)
