Skip to content

Instantly share code, notes, and snippets.

@polkaman polkaman/txt
Created Jul 9, 2019

Embed
What would you like to do?
CVE-2019-13337-13338 descriptions
CVE-2019-13337
[Description]
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can
be bypassed by adding a URL parameter access_token (this is the
parameter used by the API). No valid token is required since it is not
validated by the backend. The website can then be browsed as if no
basic authentication is required.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
WESEEK
[Affected Product Code Base]
Growi - Fixed in 3.5.0
[Affected Component]
Basic Authentication module
[Attack Type]
Remote
[Impact Escalation of Privileges]
true
[Attack Vectors]
The site-wide basic authentication can be bypassed by adding a URL
parameter access_token (this is the parameter used by the API). No
valid token is required since it is not validated by the backend. The
website can then be browsed as if no basic authentication is required.
[Reference]
https://weseek.co.jp/
https://github.com/weseek/growi
[Discoverer]
Olle Westrin
CVE-2019-13338
[Suggested description]
In WESEEK GROWI before 3.5.0, a remote attacker can obtain the
password hash of the creator of a page by leveraging wiki access to
make API calls for page metadata. In other words, the password hash
can be retrieved even though it is not a publicly available field.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
WESEEK
[Affected Product Code Base]
growi - 3.5.0
[Affected Component]
API functions pages.seen and pages.update
[Attack Type]
Remote
[Impact Information Disclosure]
true
[Attack Vectors]
To exploit the vulnerability someone needs access to the wiki to make
API calls for getting metadata about the pages or updating the page.
The remote attacker will be able to obtain the password hash of the
creator of the page.
[Reference]
https://weseek.co.jp/
https://github.com/weseek/growi
[Discoverer]
Olle Westrin
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.