PydioCells2.0.4

7 matches found

CVE
added 2020/06/04 8:15 p.m., 84 views

CVE-2020-12852

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its ...

CVSS 8.5 | AI score 7 | EPSS 0.01409

CVE
added 2020/06/04 8:15 p.m., 82 views

CVE-2020-12847

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is poss...

CVSS 7.2 | AI score 7 | EPSS 0.01494

CVE
added 2020/06/04 8:15 p.m., 79 views

CVE-2020-12851

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...

CVSS 8.1 | AI score 7.9 | EPSS 0.01245

CVE
added 2020/06/04 8:15 p.m., 72 views

CVE-2020-12853

Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.

CVSS 6.1 | AI score 6.5 | EPSS 0.0024

CVE
added 2020/06/05 1:15 p.m., 64 views

CVE-2020-12848

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and...

CVSS 5.8 | AI score 5.9 | EPSS 0.0051

CVE
added 2020/06/05 1:15 p.m., 64 views

CVE-2020-12849

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.

CVSS 5.4 | AI score 5.9 | EPSS 0.0063

CVE
added 2020/06/11 2:15 a.m., 54 views

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the applian...

CVSS 7 | AI score 7.2 | EPSS 0.00077