CVE-2024-31398

4.3 MEDIUM

📋 TL;DR

This vulnerability in Cybozu Garoon allows authenticated users to access sensitive user list information that should be restricted. It affects all users who can log into vulnerable versions of the software, potentially exposing organizational user data.

💻 Affected Systems

Products:
  • Cybozu Garoon
Versions: 5.0.0 to 5.15.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to exploit; affects all deployment configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could enumerate all users in the system, potentially enabling targeted social engineering, credential attacks, or reconnaissance for further exploitation.

🟠 Likely Case

An authenticated user with legitimate access could inadvertently or intentionally view user lists beyond their intended permissions, violating privacy expectations.

🟢 If Mitigated

With proper access controls and monitoring, the impact is limited to information disclosure of user names/identifiers rather than more sensitive credentials.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid user credentials; the vulnerability involves improper data handling in sent communications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.15.3 or later

Vendor Advisory: https://cs.cybozu.co.jp/2024/007901.html

Restart Required: Yes

Instructions:

1. Download Garoon 5.15.3 or later from the Cybozu support portal.
2. Back up the current installation and database.
3. Apply the update following Cybozu's upgrade procedures.
4. Restart the Garoon service.

🔧 Temporary Workarounds

Restrict User Access (all)

Temporarily limit user accounts to only essential personnel while planning the upgrade.

🧯 If You Can't Patch

  • Implement strict access controls and monitor user activity for unusual enumeration attempts.
  • Segment network access to Garoon instances and limit exposure to trusted users only.

🔍 How to Verify

Check if Vulnerable:

Check the Garoon version in the administration console or on the system information page.

Check Version:

Check via Garoon web interface: Administration > System Information

Verify Fix Applied:

Confirm version is 5.15.3 or later and test that user list access respects proper permissions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user enumeration patterns
  • Multiple requests to user listing endpoints from single accounts

Network Indicators:

  • Increased traffic to user directory APIs from non-admin accounts

SIEM Query:

source="garoon" AND (uri_path="/api/user/list" OR uri_path CONTAINS "user") AND user_role!="admin"
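The log indicators above, expressed as a small detector. This is an added example, not code from the advisory or from Cybozu: it walks constructed access-log lines in an assumed format, ignores admin accounts, and flags any other account that hits a user-listing endpoint repeatedly within a sliding time window. The log format, the `/g/user/list` path and the threshold and window values are assumptions; only `/api/user/list` comes from the SIEM query above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format for this example (NOT Garoon's real access-log format):
# "<ISO timestamp> user=<account> role=<role> <METHOD> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Paths treated as user-listing endpoints. "/api/user/list" is taken from the
# advisory's SIEM query; "/g/user/list" is an assumed placeholder.
USER_LIST_PATHS = ("/api/user/list", "/g/user/list")

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def flag_enumeration(lines, threshold=5, window_seconds=60):
    """Return {account: peak_count} for non-admin accounts that requested a
    user-listing endpoint `threshold` or more times within `window_seconds`."""
    windows = defaultdict(deque)   # account -> request timestamps in the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["role"] == "admin":
            continue
        if not rec["path"].split("?", 1)[0].startswith(USER_LIST_PATHS):
            continue
        q = windows[rec["user"]]
        q.append(rec["ts"])
        while (q[-1] - q[0]).total_seconds() > window_seconds:
            q.popleft()            # drop requests that fell out of the window
        if len(q) >= threshold:
            flagged[rec["user"]] = max(flagged.get(rec["user"], 0), len(q))
    return flagged

# Constructed sample: "bob" pages through the user list rapidly, "alice" does not.
SAMPLE_LOG = [
    "2024-04-01T10:00:00 user=alice role=user GET /api/user/list 200",
    "2024-04-01T10:00:01 user=admin1 role=admin GET /api/user/list?page=2 200",
    "2024-04-01T10:00:30 user=alice role=user GET /g/schedule 200",
] + [f"2024-04-01T10:01:{i:02d} user=bob role=user GET /api/user/list?page={i} 200"
     for i in range(0, 12, 2)]  # six requests within ten seconds

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))  # {'bob': 6}
```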
