Broken Access Control in Pydio Cells Affects User Management
CVE-2021-41325

6.5 MEDIUM

Key Information:

Vendor: Pydio

Status
Vendor
CVE Published: 30 September 2021

What is CVE-2021-41325?

The vulnerability in Pydio Cells version 2.2.9 allows unauthorized remote anonymous users to create new standard user accounts simply by manipulating the profile parameter. Additionally, these users can potentially obtain administrative privileges through the Roles parameter, significantly compromising the security and integrity of systems utilizing this version. It is crucial for users of Pydio Cells to update to the latest version to mitigate these risks.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
