CVE-2021-20874

Published: Dec 24, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors.

Affected (3)

Products: Groupsession: Groupsession

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Groupsession Groupsession	Up to 5.1.1
Groupsession Groupsession	Up to 5.1.1
Groupsession Groupsession	Up to 5.1.1

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://groupsession.jp/info/info-news/security20211220

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN79798166/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://groupsession.jp/info/info-news/security20211220

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jvn.jp/en/jp/JVN79798166/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.