{"containers": {"cna": {"affected": [{"product": "GROWI", "vendor": "WESEEK, Inc.", "versions": [{"status": "affected", "version": "GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file."}], "problemTypes": [{"descriptions": [{"description": "Directory traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-16T07:45:19.000Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/weseek/growi"}, {"tags": ["x_refsource_MISC"], "url": "https://hub.docker.com/r/weseek/growi/"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN94169589/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5683", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GROWI", "version": {"version_data": [{"version_value": "GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier"}]}}]}, "vendor_name": "WESEEK, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory traversal"}]}]}, "references": {"reference_data": [{"name": "https://github.com/weseek/growi", "refsource": "MISC", "url": "https://github.com/weseek/growi"}, {"name": "https://hub.docker.com/r/weseek/growi/", "refsource": "MISC", "url": "https://hub.docker.com/r/weseek/growi/"}, {"name": "https://jvn.jp/en/jp/JVN94169589/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN94169589/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.766Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/weseek/growi"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hub.docker.com/r/weseek/growi/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN94169589/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5683", "datePublished": "2020-12-16T07:45:19.000Z", "dateReserved": "2020-01-06T00:00:00.000Z", "dateUpdated": "2024-08-04T08:39:25.766Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCDBC905-7CC4-4811-A4FE-B8FF19FBEF87", "versionEndIncluding": "3.8.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", "matchCriteriaId": "04F1F3DA-C1E4-4503-913F-38654C15E255", "versionEndExcluding": "4.1.12", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3FA8C18-BFF8-4F57-8CE7-D0C2A3B99006", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en GROWI versiones anteriores a v4.2.3 (Serie v4.2), GROWI versiones anteriores a v4.1.12 (Serie v4.1), y series GROWI versiones v3 y anteriores a GROWI versiones anteriores a v4.2.3 (Serie v4.2 ), GROWI versiones anteriores a v4.1.12 (Serie v4.1) y la serie GROWI versiones v3 y anteriores, permiten a atacantes remotos alterar los datos cargando un archivo especialmente dise\u00f1ado"}], "id": "CVE-2020-5683", "lastModified": "2024-11-21T05:34:28.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-16T08:15:14.030", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/weseek/growi"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product", "Third Party Advisory"], "url": "https://hub.docker.com/r/weseek/growi/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN94169589/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/weseek/growi"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://hub.docker.com/r/weseek/growi/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN94169589/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}