| Title | Pydio 4.2.0 - Insecure Direct Object Reference |
|---|---|
| Description | We (DeepCove Cybersecurity) identified a weakness within Pydio Cells version 4.2.0 that allows a non-admin user to create another standard user. This allows for persistence within the environment, and was not by design - a malicious threat actor could remain within the organization to view, download, and in some cases modify the integrity of a file/folder. The vendor had been notified, the finding had been acknowledged, and an advisory to update to Pydio Cells version 4.2.1 is released. https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 A technical write-up of this vulnerability will be published once a CVE is assigned. |
| Source | https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 |
| User | ignatiusmichael (UID 28987) |
| Submission | 30/05/2023 01:54 PM (3 years ago) |
| Moderation | 30/05/2023 03:32 PM (2 hours later) |
| Status | Accepted |
| VulDB Entry | 230212 [Abstrium Pydio Cells 4.2.0 User Creation privilege escalation] |
| Points | 20 |