{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-50294","assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","state":"PUBLISHED","assignerShortName":"jpcert","dateReserved":"2023-12-07T02:39:43.973Z","datePublished":"2023-12-26T07:21:19.831Z","dateUpdated":"2024-08-02T22:16:46.259Z"},"containers":{"cna":{"affected":[{"vendor":"WESEEK, Inc.","product":"GROWI","versions":[{"version":"prior to v6.0.6","status":"affected"}]}],"descriptions":[{"lang":"en","value":"The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page."}],"problemTypes":[{"descriptions":[{"description":"Cleartext storage of sensitive information","lang":"en","type":"text"}]}],"references":[{"url":"https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/"},{"url":"https://jvn.jp/en/jp/JVN18715935/"}],"providerMetadata":{"orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert","dateUpdated":"2023-12-26T07:21:19.831Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T22:16:46.259Z"},"title":"CVE Program Container","references":[{"url":"https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/","tags":["x_transferred"]},{"url":"https://jvn.jp/en/jp/JVN18715935/","tags":["x_transferred"]}]}]}}