Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.
[
{
"vendor": "WESEEK, Inc.",
"product": "GROWI v5 series and v4 series",
"versions": [
{
"version": "versions prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series)",
"status": "affected"
}
]
}
]