Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
References
Link | Resource |
---|---|
https://charonv.net/Pydio-Broken-Access-Control/ | Third Party Advisory |
https://github.com/pydio/cells/releases/tag/v2.2.12 | Release Notes Third Party Advisory |
https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212 | Product Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-09-30 19:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-41325
Mitre link : CVE-2021-41325
CVE.ORG link : CVE-2021-41325
JSON object : View
Products Affected
pydio
- cells
CWE