CVE-2022-41799 is an improper access control vulnerability affecting WESEEK, Inc.'s GROWI wiki software versions prior to v5.1.4 in the v5 series and prior to v4.5.25 in the v4 series. GROWI is a collaborative markdown-based wiki platform used for documentation and knowledge sharing within organizations. The vulnerability allows a remote authenticated attacker to bypass access restrictions and download markdown content from pages that other users have set to private. This means that even if a page is intended to be accessible only to certain users, an attacker who has valid credentials but is not authorized to view that page can still retrieve its content. The vulnerability does not require elevated privileges beyond authentication, but it does require the attacker to be logged in (authenticated). The CVSS v3.1 base score is 6.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and no availability impact (A:N). The key risk is unauthorized disclosure of sensitive or confidential information stored in private wiki pages, which could lead to information leakage within organizations using affected versions of GROWI. There are no known exploits in the wild as of the published date, but the vulnerability is publicly disclosed and patched in later versions. Organizations using affected versions should upgrade to at least v5.1.4 or v4.5.25 to remediate the issue.

For European organizations, this vulnerability poses a significant risk to the confidentiality of internal documentation and sensitive information managed via GROWI. Many enterprises, government agencies, and research institutions in Europe use collaborative wiki platforms like GROWI to store project details, internal policies, and proprietary data. Unauthorized access to private pages could lead to exposure of intellectual property, strategic plans, or personal data, potentially violating GDPR and other data protection regulations. The breach of confidentiality could damage organizational reputation, lead to regulatory fines, and facilitate further attacks if sensitive operational details are leaked. Since the vulnerability requires authentication but no elevated privileges, insider threats or compromised user accounts could be leveraged to exploit this flaw. The medium severity rating reflects the moderate ease of exploitation combined with the high confidentiality impact, making it a relevant concern for organizations with sensitive content on GROWI platforms.

1. Immediate upgrade: Organizations should upgrade GROWI installations to version 5.1.4 or later (for v5 series) or 4.5.25 or later (for v4 series) where the vulnerability is patched. 2. Access control review: Conduct a thorough audit of user permissions and private page settings to ensure that only authorized users have access to sensitive content. 3. Authentication hardening: Implement strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of compromised credentials being used to exploit this vulnerability. 4. Monitoring and logging: Enable detailed logging of access to private pages and monitor for unusual access patterns that could indicate exploitation attempts. 5. Network segmentation: Restrict access to the GROWI platform to trusted networks or VPNs to reduce exposure to remote attackers. 6. User training: Educate users about the importance of safeguarding credentials and recognizing phishing attempts that could lead to account compromise. 7. Incident response planning: Prepare procedures to quickly respond to any detected unauthorized access incidents involving GROWI data.