CVE-2021-41325

Published: Sep 30, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)

Affected (2)

Products: Pydio: Cells

Pydio

1 product

Cells

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pydio Cells	Version 2.2.9
Pydio Cells	Version 2.2.9

References (6)

https://charonv.net/Pydio-Broken-Access-Control/

Source: cve@mitre.org

Third Party Advisory

https://github.com/pydio/cells/releases/tag/v2.2.12

Source: cve@mitre.org

Release NotesThird Party Advisory

https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212

Source: cve@mitre.org

ProductVendor Advisory

https://charonv.net/Pydio-Broken-Access-Control/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/pydio/cells/releases/tag/v2.2.12

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.