Security Advisory

CVE-2023-50294

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-26 07:21:19

Last updated 2024-08-02 22:16:46

Assigner jpcert

State PUBLISHED

Description

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.

← Browse all CVEs View on cve.org ↗