In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is required.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T23:49:24.646Z
Reserved: 2019-07-05T00:00:00
Link: CVE-2019-13337

No data.

Status : Modified
Published: 2019-07-09T20:15:10.713
Modified: 2024-11-21T04:24:44.560
Link: CVE-2019-13337

No data.