@polkaman
Created July 9, 2019 01:04
CVE-2019-13337-13338 descriptions
CVE-2019-13337
[Description]
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can
be bypassed by adding a URL parameter access_token (this is the
parameter used by the API). No valid token is required since it is not
validated by the backend. The website can then be browsed as if no
basic authentication is required.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
WESEEK
[Affected Product Code Base]
Growi - Fixed in 3.5.0
[Affected Component]
Basic Authentication module
[Attack Type]
Remote
[Impact Escalation of Privileges]
true
[Attack Vectors]
The site-wide basic authentication can be bypassed by adding a URL
parameter access_token (this is the parameter used by the API). No
valid token is required since it is not validated by the backend. The
website can then be browsed as if no basic authentication is required.
[Reference]
https://weseek.co.jp/
https://github.com/weseek/growi
[Discoverer]
Olle Westrin
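
The flaw class described for CVE-2019-13337, as an added example that is not GROWI's code and not part of the original advisory: a gate that skips basic authentication whenever an access_token parameter is present, next to one that only honors a token it can verify. The names weakGate, hardenedGate, BASIC and API_TOKENS and all credential values are hypothetical and constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample configuration (assumption, not GROWI's real settings).
const BASIC = { user: 'wiki', pass: 'example-pass' };
const API_TOKENS = ['constructed-token-0001'];

// Compare two strings without leaking where they differ. Hashing first gives
// equal-length buffers, which crypto.timingSafeEqual requires.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Check the Authorization header against the site-wide basic-auth credentials.
function basicAuthOk(req) {
  const m = /^Basic (.+)$/.exec(req.headers.authorization || '');
  if (!m) return false;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  if (i < 0) return false;
  const userOk = safeEqual(decoded.slice(0, i), BASIC.user);
  const passOk = safeEqual(decoded.slice(i + 1), BASIC.pass);
  return userOk && passOk;
}

// Weak gate: the mere presence of access_token exempts the request from
// basic auth, so any value (even an empty one) gets through.
function weakGate(req) {
  if (req.query.access_token !== undefined) return 200;
  return basicAuthOk(req) ? 200 : 401;
}

// Hardened gate: the token exempts the request only if it is a single string
// that matches a known token; everything else falls back to basic auth.
function hardenedGate(req) {
  const t = req.query.access_token;
  const tokenOk = typeof t === 'string' &&
    API_TOKENS.map((k) => safeEqual(t, k)).includes(true);
  if (tokenOk) return 200;
  return basicAuthOk(req) ? 200 : 401;
}
```

A regression test for this class of bug sends a request carrying an arbitrary access_token value and no Authorization header, and expects 401.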
CVE-2019-13338
[Suggested description]
In WESEEK GROWI before 3.5.0, a remote attacker can obtain the
password hash of the creator of a page by leveraging wiki access to
make API calls for page metadata. In other words, the password hash
can be retrieved even though it is not a publicly available field.
[Vulnerability Type]
Incorrect Access Control
[Vendor of Product]
WESEEK
[Affected Product Code Base]
growi - 3.5.0
[Affected Component]
API functions pages.seen and pages.update
[Attack Type]
Remote
[Impact Information Disclosure]
true
[Attack Vectors]
To exploit the vulnerability someone needs access to the wiki to make
API calls for getting metadata about the pages or updating the page.
The remote attacker will be able to obtain the password hash of the
creator of the page.
[Reference]
https://weseek.co.jp/
https://github.com/weseek/growi
[Discoverer]
Olle Westrin