Summary

A vulnerability has been identified in the GROWI system published by our company.

The following are affected.

Pages created with private settings (Only me, Anyone with the link, Only inside the group) may be viewable by other users in GROWI under certain conditions.

The following versions are affected.

• v5 versions prior to v5.1.4
• Versions prior to v4.5.25

The fix has been completed in v5.1.4 and v4.5.25. Please update your software if you are using the relevant version.

Security Vulnerability Details

The following security advisories published by CVE, JVN

• JVN#00845253 (opens new window)

Remedy

• Users using v4.5.x and earlier versions should update to v4.5.25 or later
  • The v4.4.x series and earlier versions are no longer supported and no countermeasure will be released
• Users using v5.x should update to v5.1.4 or later

Where to get the updated version

• GitHub (opens new window)
• Docker Hub (opens new window)

Related pages

• GROWI.org (opens new window)
• Demo site (opens new window)
• GROWI Docs (opens new window)
• GitHub (opens new window)