Directory Traversal Vulnerability in Pydio Cells by Pydio
CVE-2021-41323

6.5MEDIUM

Key Information:

Vendor

Pydio

Status
Cells
Vendor
CVE Published:
30 September 2021

What is CVE-2021-41323?

A directory traversal vulnerability exists in the Compress feature of Pydio Cells version 2.2.9, enabling remote authenticated users to exploit this flaw. By manipulating the format parameter, these users can potentially overwrite personal files or files belonging to other users within the Cells platform.

References

https://pydio.com/fr/community/releases/pydio-cells/pydio...
x_refsource_MISC
https://github.com/pydio/cells/releases/tag/v2.2.12
x_refsource_MISC
https://charonv.net/Pydio-Broken-Access-Control/
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.