CVE-2021-20876
MEDIUM WAF: High
CVSS 6.8
Published: 2021-12-24
CWE-22
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| groupsession | groupsession | up to 5.1.1 |
| groupsession | groupsession | up to 5.1.1 |
| groupsession | groupsession | up to 5.1.1 |
References
- groupsession.jp (Vendor Advisory)
- jvn.jp (Third Party Advisory)