File Sharing Vulnerability in Pydio Cells by Pydio
CVE-2020-12848

5.4 MEDIUM

Key Information:

Vendor

Pydio

Status
Vendor
CVE Published: 5 June 2020

What is CVE-2020-12848?

In Pydio Cells version 2.0.4, a security flaw arises when an authenticated user uses the public link sharing feature. Creating a public link also creates a hidden shared user account in the backend, with a randomly generated username. An unauthorized individual who obtains the public link can discover the hidden account's credentials and log in to the web application with them. Once logged in, that individual can perform actions that are normally not available through public share links, posing significant security risks and potential data breaches.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved