CVE-2022-41799 in GROWI

Summary

by MITRE • 10/24/2022

Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users.


Analysis

by VulDB Data Team • 05/07/2025

CVE-2022-41799 is an improper access control flaw in the GROWI wiki platform that affects versions prior to v5.1.4 in the v5 series and prior to v4.5.25 in the v4 series. The issue stems from an inadequate authorization check in the application's permission handling: an authenticated user can exploit a logic flaw in the access restriction mechanism. The flaw is specific to the markdown download functionality, through which a user can bypass the page-level privacy setting and retrieve the markdown source of pages that other users have set to private.

Technically, the vulnerability lies in how page access permissions are handled during the markdown download operation. When a user requests the markdown of a page, the affected versions do not verify that the requesting user is actually entitled to read the target page before returning its content. This is a classic improper authorization weakness, classified as CWE-285 (Improper Authorization), where an application authenticates the caller but fails to enforce its own access control rules on the requested object. The flaw sits in application logic rather than at the network or system level: the request is a legitimate, authenticated one, so perimeter controls and the login itself do nothing to stop it.
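To make the bug class concrete, the following added example (not GROWI's code, and not taken from the advisory) contrasts a markdown download handler that only authenticates the caller with one that also authorizes the request against the page's grant. The user and page records, the three grant levels (public, owner-only, group) and the handler shapes are constructed for the example and simplify a wiki ACL; they are not GROWI's schema or constants. In a real Express application these functions would be the bodies of the route handlers.

```javascript
'use strict';

// Simplified grant levels (assumption: not GROWI's actual constants).
const GRANT = Object.freeze({ PUBLIC: 'public', OWNER: 'owner', GROUP: 'group' });

// Constructed in-memory stand-in for the user and page collections.
const users = {
  alice: { id: 'alice', groups: ['eng'] },
  bob:   { id: 'bob',   groups: ['sales'] },
  carol: { id: 'carol', groups: ['eng'] },
};
const pages = {
  p1: { id: 'p1', path: '/handbook',         owner: 'alice', grant: GRANT.PUBLIC, group: null,  markdown: '# Handbook' },
  p2: { id: 'p2', path: '/user/alice/notes', owner: 'alice', grant: GRANT.OWNER,  group: null,  markdown: '# secret notes' },
  p3: { id: 'p3', path: '/eng/design',       owner: 'carol', grant: GRANT.GROUP,  group: 'eng', markdown: '# design' },
};

// Vulnerable shape: the caller must be logged in, but nobody asks whether
// *this* user may read *this* page. Any authenticated user can pull the
// markdown of any page, which is the flaw described in the text.
function exportMarkdownVulnerable(user, pageId) {
  if (!user) return { status: 401 };
  const page = pages[pageId];
  if (!page) return { status: 404 };
  return { status: 200, body: page.markdown };
}

// Authorization decision as a pure function, so every read path (view,
// download, search, API) can reuse it and it can be unit-tested in isolation.
function canRead(user, page) {
  switch (page.grant) {
    case GRANT.PUBLIC: return true;
    case GRANT.OWNER:  return page.owner === user.id;
    case GRANT.GROUP:  return page.owner === user.id || user.groups.includes(page.group);
    default:           return false; // unknown grant value: fail closed
  }
}

// Hardened shape: identical flow plus the authorization check. A denied
// request gets the same 404 as a missing page, so the download endpoint
// does not confirm to outsiders that a private page exists at that id.
function exportMarkdownFixed(user, pageId) {
  if (!user) return { status: 401 };
  const page = pages[pageId];
  if (!page || !canRead(user, page)) return { status: 404 };
  return { status: 200, body: page.markdown };
}
```

The point of the `canRead` split is that the download path in the vulnerable shape is just one more consumer that forgot to call it; putting the check in a single function that every read path must go through is what prevents the next export or API feature from reintroducing the same gap.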

From an operational perspective, this vulnerability has real consequences for organizations that rely on GROWI for collaborative documentation and knowledge management. Being able to download the markdown of other users' private pages nullifies the privacy controls those users and their administrators rely on to protect sensitive information. An attacker can use it to read confidential business documents, proprietary information, internal notes, or any other content that was meant to stay private within the platform. The attack is remote in the sense that it is carried out over the network with ordinary requests; it does require a valid account, but any low-privileged account suffices, so the realistic threat is an insider, a self-registered user on instances that allow sign-up, or an outsider holding a compromised credential. No physical access or multi-step attack chain is needed.

The impact extends beyond the exposure of individual pages, because it undermines the trust model of the platform: users set a page to private on the assumption that the application will enforce that setting. Organizations using GROWI for internal knowledge sharing, project documentation, or restricted collaboration may face intellectual property theft, competitive disadvantage, regulatory compliance violations, and legal exposure, particularly where sensitive corporate information is stored in the platform's pages.

Mitigation consists of updating to v5.1.4 or later (v5 series) or v4.5.25 or later (v4 series), the releases that restore the missing permission check on the markdown download path. Until the update is applied, there is no configuration-level workaround described in the advisory, so the fix is the patch. Organizations should also add monitoring for unusual download activity (for example, one account retrieving the markdown of many pages it does not own) and review their access control policies to confirm that page grants follow the principle of least privilege. Security teams should audit every GROWI installation to verify that the running version is no longer in the affected range; a simple functional check is to log in with a low-privileged test account, set up a page as private under another user, and confirm that a markdown download of that page is refused.
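For the audit step above, an added example (mine, not the advisory's or the project's) that decides from a reported GROWI version string whether an installation is still in the affected range. The fixed versions are the two stated in the advisory; series it does not mention (v3, v6 and later) are reported as not covered rather than guessed, and a pre-release of a fixed version (such as 5.1.4-RC.1) is treated as preceding the fix, following semantic versioning order. The inventory object at the end is constructed sample data.

```javascript
'use strict';

// Fixed versions per major series, as stated in the advisory.
const FIXED = Object.freeze({ 4: [4, 5, 25], 5: [5, 1, 4] });

// Parse "v5.1.3", "5.1.3", "5.1.4-RC.1" or "5.1.3+build" into numeric parts
// plus an optional pre-release tag. Returns null for anything else.
function parseVersion(s) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(s).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Lexicographic compare of [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// 'affected'   : in the vulnerable range of a series the advisory covers
// 'fixed'      : at or above the fixed version of that series
// 'not-covered': a major series the advisory says nothing about
// 'invalid'    : unparseable version string
function assessVersion(s) {
  const v = parseVersion(s);
  if (!v) return 'invalid';
  const fixed = FIXED[v.nums[0]];
  if (!fixed) return 'not-covered';
  const c = compare(v.nums, fixed);
  // A pre-release of the fixed version sorts before the release itself.
  if (c < 0 || (c === 0 && v.pre !== null)) return 'affected';
  return 'fixed';
}

// Given { host: versionString }, return the hosts that still need the patch
// and those whose version could not be judged (so a human looks at them).
function auditInventory(inventory) {
  const needsPatch = [];
  const review = [];
  for (const [host, version] of Object.entries(inventory)) {
    const verdict = assessVersion(version);
    if (verdict === 'affected') needsPatch.push(host);
    else if (verdict !== 'fixed') review.push(host);
  }
  return { needsPatch: needsPatch.sort(), review: review.sort() };
}

// Constructed sample inventory, not real hosts.
const sampleInventory = {
  'wiki-a': 'v5.1.3',
  'wiki-b': '5.2.0',
  'wiki-c': '4.5.24',
  'wiki-d': 'v5.1.4-RC.1',
  'wiki-e': '6.0.0',
  'wiki-f': 'latest',
};
```

Running `auditInventory(sampleInventory)` flags wiki-a, wiki-c and wiki-d for patching and sends wiki-e and wiki-f back for manual review. The pre-release rule matters in practice: a release-candidate build carrying the fixed version number is exactly the kind of install that a naive string comparison would wrongly mark as safe.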

This vulnerability illustrates why authorization must be enforced on every read path of a collaborative platform, not only on the primary page view. In ATT&CK terms it maps to the T1213 family (Data from Information Repositories; VulDB cites sub-technique T1213.002): an attacker with nothing more than an ordinary account can collect private content directly from the repository. The case is a reminder that authentication alone is not access control; when the authorization check is missing from the application logic, any authenticated user becomes a viable vector for exfiltrating sensitive information from the environment.

Reservation

09/30/2022

Disclosure

10/24/2022

Moderation

accepted

CPE

ready

EPSS

0.00782

KEV

no

Activities

very low
