Description
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://groupsession.jp/info/info-news/security20211220
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN79798166/index.html
Scores
CVSS v3
6.8
EPSS
0.0103
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
groupsession/groupsession
< 5.1.1 (3 CPE variants)
Published
Dec 24, 2021
Tracked Since
Feb 18, 2026