exploitDog

GHSA-3frq-wgwx-p958

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)

Ссылки

EPSS

Процентиль: 43%

0.00209

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2021-41325

CVSS3: 6.5

nvd

больше 4 лет назад

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)

EPSS

Процентиль: 43%

0.00209

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-863