Server-Side Request Forgery Vulnerability in Pydio Cells by Pydio
CVE-2023-32750

6.5MEDIUM

Key Information:

Vendor: Pydio
Status: Cells
Vendor: CVE Published:; 8 June 2023

What is CVE-2023-32750?

Pydio Cells, a file sharing and collaboration tool, is susceptible to Server-Side Request Forgery (SSRF) in versions up to 4.1.2. This vulnerability allows attackers to manipulate the application into sending HTTP request calls to arbitrary URLs. Specifically, the 'remote-download' job feature allows authorized users to create jobs that can lead the server to fetch data from external resources. If exploited, this could potentially allow attackers to gain access to sensitive information or perform unauthorized actions by leveraging the application’s backend capabilities.

References

https://www.redteam-pentesting.de/en/advisories/-advisori...

https://www.redteam-pentesting.de/advisories/rt-sa-2023-005/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2023
Vulnerability Reserved
May 15, 2023

CVE-2023-32750 Data

JSON