exploitDog

CVE-2023-50294

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.

Ссылки

https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory
https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

Версия до 6.0.6 (исключая)

EPSS

Процентиль: 64%

0.0046

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-89ff-5hgp-6w8j

CVSS3: 6.5

github

около 2 лет назад

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.

EPSS

Процентиль: 64%

0.0046

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-312