Cross-Site Request Forgery Vulnerability in GroupSession by GroupSession Inc.
CVE-2021-20786

4.3MEDIUM

Key Information:

Vendor: Japan Total System Co.,ltd.
Status: Groupsession
Vendor: CVE Published:; 30 July 2021

🔔 Create Japan Total System Co.,ltd. Vulnerability Alert

What is CVE-2021-20786?

A cross-site request forgery (CSRF) vulnerability exists in multiple versions of GroupSession, specifically impacting the Free edition, byCloud, and ZION products. This flaw allows remote attackers to exploit a specially crafted URL to hijack the authentication of administrators, potentially leading to unauthorized administrative access and control over the affected servers. Users are advised to update to the latest version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0

References

https://groupsession.jp/info/info-news/security202107

x_refsource_MISC

https://jvn.jp/en/jp/JVN86026700/index.html

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2021
Vulnerability Reserved
Dec 17, 2020

JSON

Japan Total System Co.,ltd.

What is CVE-2021-20786?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.