CVE-2023-50294

Publication date

2023-12-26 07:21:19

Family

jpcert

State

PUBLISHED

Description

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.