Login Sign Up

CVE-2024-31402

4.3 MEDIUM
Authentication Bypass

📋 TL;DR

An incorrect authorization vulnerability in Cybozu Garoon allows authenticated users to delete Shared To-Do data they shouldn't have access to. This affects organizations using Garoon versions 5.0.0 through 5.15.2 for collaboration and task management. The vulnerability enables privilege escalation within the application's authorization framework.

💻 Affected Systems

Products:
  • Cybozu Garoon
Versions: 5.0.0 to 5.15.2
Operating Systems: Any OS running Garoon
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable regardless of configuration.

📦 What is this software?

Garoon by Cybozu

View all CVEs affecting Garoon →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious insider or compromised account could systematically delete all shared task data, disrupting business operations and causing data loss.

🟠

Likely Case

Accidental or intentional deletion of shared task lists by users with limited permissions, creating confusion and workflow disruption.

🟢

If Mitigated

Minimal impact with proper access controls, audit logging, and regular backups in place.

🌐 Internet-Facing: MEDIUM - Requires authentication but exposed to internet-based attacks if Garoon is publicly accessible.
🏢 Internal Only: MEDIUM - Insider threat risk exists, but requires authenticated access to the Garoon system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but the authorization bypass is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.15.3

Vendor Advisory: https://cs.cybozu.co.jp/2024/007901.html

Restart Required: Yes

Instructions:

1. Backup Garoon data and configuration. 2. Download Garoon 5.15.3 or later from Cybozu. 3. Follow Cybozu's upgrade documentation. 4. Restart Garoon services. 5. Verify functionality post-upgrade.

🔧 Temporary Workarounds

Restrict Shared To-Do Access

all

Temporarily limit access to Shared To-Do functionality to only essential users.

Enhanced Monitoring

all

Increase logging and monitoring of Shared To-Do deletion events.

🧯 If You Can't Patch

  • Implement strict access controls and principle of least privilege for Garoon users
  • Enable comprehensive audit logging for all Shared To-Do operations and review regularly

🔍 How to Verify

Check if Vulnerable:

Check Garoon version in Administration > System Information. If version is between 5.0.0 and 5.15.2 inclusive, system is vulnerable.

Check Version:

Check via Garoon web interface: Administration > System Information > Version

Verify Fix Applied:

After patching, verify version shows 5.15.3 or higher in Administration > System Information.

📡 Detection & Monitoring

Log Indicators:

  • Unusual patterns of Shared To-Do deletions
  • Deletion events from non-administrative users
  • Multiple deletion requests in short timeframes

Network Indicators:

  • HTTP POST requests to Shared To-Do deletion endpoints from unauthorized users

SIEM Query:

source="garoon_logs" action="delete" object_type="shared_todo" user_role!="admin"

📊 Metadata

CVE ID: CVE-2024-31402
CVSS v3 Score: 4.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-863
Published: June 11, 2024
Last Updated: March 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-31402, you might also want to check these:

CVE-2023-4617 10.0

This vulnerability allows remote attackers to bypass authorization controls in the Govee Home mobile...

Same vulnerability type (CWE-863)
CVE-2025-54253 10.0

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that a...

Same vulnerability type (CWE-863)
CVE-2021-38503 10.0

This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesh...

Same vulnerability type (CWE-863)