Submit #162543: Pydio 4.2.0 - Insecure Direct Object Reference

Title: Pydio 4.2.0 - Insecure Direct Object Reference
Description: We (DeepCove Cybersecurity) identified a weakness within Pydio Cells version 4.2.0 that allows a non-admin user to create another standard user. This allows for persistence within the environment, and was not by design - a malicious threat actor could remain within the organization to view, download, and in some cases modify the integrity of a file/folder. The vendor had been notified, the finding had been acknowledged, and an advisory to update to Pydio Cells version 4.2.1 is released. https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 A technical write-up of this vulnerability will be published once a CVE is assigned.
Source: ⚠️ https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421
User: ignatiusmichael (UID 28987)
Submission: 05/30/2023 01:54 PM (3 years ago)
Moderation: 05/30/2023 03:32 PM (2 hours later)
Status: Accepted
VulDB Entry: 230212 [Abstrium Pydio Cells 4.2.0 User Creation privilege escalation]
Points: 20
