CVE-2023-50294

Name of the Vulnerable Software and Affected Versions GROWI versions prior to v6.0.6

Description The issue concerns the storage of sensitive information in cleartext form on the App Settings page, located at "/admin/app". This could allow an attacker with access to the page to obtain the Secret access key for an external service.

Recommendations For versions prior to v6.0.6, update to version v6.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the App Settings page (/admin/app) to minimize the risk of exploitation.