Lucene search
MitreCVELIST:CVE-2023-32749HistoryJun 08, 2023 - 12:00 a.m.
CVE-2023-32749
2023-06-0800:00:00
mitre
www.cve.org
pydio cells
external users
arbitrary roles
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
References
packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html
seclists.org/fulldisclosure/2023/May/18
www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments
Related
nvd
nvd
CVE-2023-32749
2023-06-08 20:15:09
packetstorm
packetstorm
Pydio Cells 4.1.2 Privilege Escalation
2023-05-30 00:00:00
cve
cve
CVE-2023-32749
2023-06-08 20:15:09
veracode
veracode
Privilege Escalation
2023-06-20 11:44:48
prion
prion
Default credentials
2023-06-08 20:15:00
osv
osv
CVE-2023-32749
2023-06-08 20:15:09
githubexploit
githubexploit
Exploit for Incorrect Authorization in Pydio Cells
2024-05-01 21:37:00
zdt
zdt
Pydio Cells 4.1.2 - Unauthorised Role Assignments Vulnerability
2023-05-31 00:00:00
exploitdb
exploitdb
Pydio Cells 4.1.2 - Unauthorised Role Assignments
2023-05-31 00:00:00