Vulnerability Details : CVE-2021-41325
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
Products affected by CVE-2021-41325
- cpe:2.3:a:pydio:cells:2.2.9:*:*:*:-:*:*:*
- cpe:2.3:a:pydio:cells:2.2.9:*:*:*:enterprise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41325
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~25% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2021-41325
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
| 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
References for CVE-2021-41325
- https://github.com/pydio/cells/releases/tag/v2.2.12 (Release Hotfix for 2.2 · pydio/cells · GitHub; Release Notes; Third Party Advisory)
- https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212 (Pydio Cells & Enterprise 2.2.12 | Pydio; Product; Vendor Advisory)
- https://charonv.net/Pydio-Broken-Access-Control/ (Pydio Cells v2.2.9 Broken Access Control | CharonV; Third Party Advisory)