-
-
Save polkaman/d039fb5236a043907e44efc198d9161c to your computer and use it in GitHub Desktop.
CVE-2019-13337-13338 descriptions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CVE-2019-13337 | |
[Description] | |
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can | |
be bypassed by adding a URL parameter access_token (this is the | |
parameter used by the API). No valid token is required since it is not | |
validated by the backend. The website can then be browsed as if no | |
basic authentication is required. | |
[Vulnerability Type] | |
Incorrect Access Control | |
[Vendor of Product] | |
WESEEK | |
[Affected Product Code Base] | |
Growi - Fixed in 3.5.0 | |
[Affected Component] | |
Basic Authentication module | |
[Attack Type] | |
Remote | |
[Impact Escalation of Privileges] | |
true | |
[Attack Vectors] | |
The site-wide basic authentication can be bypassed by adding a URL | |
parameter access_token (this is the parameter used by the API). No | |
valid token is required since it is not validated by the backend. The | |
website can then be browsed as if no basic authentication is required. | |
[Reference] | |
https://weseek.co.jp/ | |
https://github.com/weseek/growi | |
[Discoverer] | |
Olle Westrin | |
CVE-2019-13338 | |
[Suggested description] | |
In WESEEK GROWI before 3.5.0, a remote attacker can obtain the | |
password hash of the creator of a page by leveraging wiki access to | |
make API calls for page metadata. In other words, the password hash | |
can be retrieved even though it is not a publicly available field. | |
[Vulnerability Type] | |
Incorrect Access Control | |
[Vendor of Product] | |
WESEEK | |
[Affected Product Code Base] | |
growi - 3.5.0 | |
[Affected Component] | |
API functions pages.seen and pages.update | |
[Attack Type] | |
Remote | |
[Impact Information Disclosure] | |
true | |
[Attack Vectors] | |
To exploit the vulnerability someone needs access to the wiki to make | |
API calls for getting metadata about the pages or updating the page. | |
The remote attacker will be able to obtain the password hash of the | |
creator of the page. | |
[Reference] | |
https://weseek.co.jp/ | |
https://github.com/weseek/growi | |
[Discoverer] | |
Olle Westrin |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment