Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.
References
Link | Resource |
---|---|
https://charonv.net/Pydio-Broken-Access-Control/ | Third Party Advisory |
https://github.com/pydio/cells/releases/tag/v2.2.12 | Release Notes Third Party Advisory |
https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212 | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-30T18:48:46
Updated: 2021-09-30T18:48:46
Reserved: 2021-09-17T00:00:00
Link: CVE-2021-41323
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-30T19:15:07.473
Modified: 2021-10-07T03:00:37.570
Link: CVE-2021-41323
JSON object: View
Redhat Information
No data.
CWE