Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
References
Link | Resource |
---|---|
https://charonv.net/Pydio-Broken-Access-Control/ | Third Party Advisory |
https://github.com/pydio/cells/releases/tag/v2.2.12 | Release Notes Third Party Advisory |
https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212 | Product Vendor Advisory |
https://charonv.net/Pydio-Broken-Access-Control/ | Third Party Advisory |
https://github.com/pydio/cells/releases/tag/v2.2.12 | Release Notes Third Party Advisory |
https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212 | Product Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://charonv.net/Pydio-Broken-Access-Control/ - Third Party Advisory | |
References | () https://github.com/pydio/cells/releases/tag/v2.2.12 - Release Notes, Third Party Advisory | |
References | () https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212 - Product, Vendor Advisory |
Information
Published : 2021-09-30 19:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41325
Mitre link : CVE-2021-41325
CVE.ORG link : CVE-2021-41325
JSON object : View
Products Affected
pydio
- cells
CWE