CVE-2020-5676

7.5 HIGH

📋 TL;DR

CVE-2020-5676 is an information disclosure vulnerability in GROWI wiki software that allows remote attackers to access unauthorized information through unspecified vectors. This affects all GROWI installations running version 4.1.3 or earlier. Attackers can potentially view sensitive data that should be restricted based on user permissions.

💻 Affected Systems

Products:
  • GROWI
Versions: v4.1.3 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All GROWI deployments running affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive organizational information, user credentials, private documents, or configuration data that could lead to further compromise.

🟠 Likely Case

Unauthorized access to restricted pages, user information, or internal documentation that should be protected by access controls.

🟢 If Mitigated

Limited exposure of non-critical information if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows remote exploitation without authentication, though specific exploit vectors are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.1.4 and later

Vendor Advisory: https://jvn.jp/en/jp/JVN56450373/index.html

Restart Required: Yes

Instructions:

1. Update GROWI to version 4.1.4 or later.
2. For Docker deployments: pull latest image from weseek/growi.
3. Restart the GROWI service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Restrict network access to GROWI instances to only trusted IP addresses:

iptables -A INPUT -p tcp --dport 3000 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to GROWI instances
  • Monitor GROWI access logs for unusual patterns and unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check GROWI version in admin panel or via API endpoint /api/v3/version

Check Version:

curl -s http://growi-host:3000/api/v3/version | grep version

Verify Fix Applied:

Confirm version is 4.1.4 or later and test access controls on restricted content
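
The version check above can be scripted so that it compares the reported version numerically against the fixed release. This is an added example, not GROWI project code; the function names are hypothetical and the response body of /api/v3/version is assumed to contain a plain major.minor.patch string.

```shell
#!/bin/sh
# Added example (not GROWI project code): classify a GROWI version string
# against the fixed release named on this page (4.1.4).
FIXED_VERSION="4.1.4"

# Pull the first major.minor.patch triple out of arbitrary text, e.g. "v4.1.3"
# or a JSON body. The JSON shape of /api/v3/version is an assumption.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1 || true
}

# Return 0 when version $1 is numerically lower than version $2.
version_lt() {
    old_ifs=$IFS
    IFS=.
    set -- $1 $2          # $1..$3 = first version, $4..$6 = second version
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ] && return 0
    return 1
}

# Print "vulnerable", "patched" or "unknown" for the given text.
# Pre-release suffixes (e.g. "-RC") are ignored; that is a simplification.
classify_growi_version() {
    found=$(extract_version "$1")
    if [ -z "$found" ]; then
        echo "unknown"
    elif version_lt "$found" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Stand-alone use: pass the version text (or the API response) as argument 1.
if [ "$#" -gt 0 ]; then
    classify_growi_version "$1"
fi
```

The comparison is numeric per component, so a release such as 4.10.0 is correctly treated as newer than 4.1.4. An "unknown" result means no version string was found and the instance should be checked by hand in the admin panel.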

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed access attempts to restricted pages
  • Unauthorized users accessing protected content
  • Unusual access patterns from external IPs

Network Indicators:

  • Unusual traffic to GROWI API endpoints from unauthorized sources
  • Requests bypassing normal authentication flows

SIEM Query:

source="growi" AND (event="unauthorized_access" OR status="403")
