CVE-2023-50294

Published: 2023-12-26T08:15Z

Last Modified: 2024-11-21T08:36Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt