PT-2019-13274 · Weseek · Growi
Olle Westrin
·
Published
2019-07-09
·
Updated
2021-07-21
·
CVE-2019-13338
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WESEEK GROWI versions prior to 3.5.0
Description
A remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. The password hash can be retrieved even though it is not a publicly available field.
Recommendations
For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Growi