2026-03-16 06:47:38
jpcert
PUBLISHED
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistants identifier may view and/or tamper the other users threads/messages.