Описание
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.12 (исключая)Версия от 4.1.0 (включая) до 4.1.3 (исключая)
Одно из
cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*
cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.44536
Средний
8.8 High
CVSS3
Дефекты
CWE-863
CWE-863
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
EPSS
Процентиль: 97%
0.44536
Средний
8.8 High
CVSS3
Дефекты
CWE-863
CWE-863