QwikSec

Security Database

CVE

CWE

Training

CVE-2023-32749

Published: Jun 8, 2023

Modified: Jan 6, 2025

PUBLISHED

Description

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses

20230530 [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments

mailing-list

http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html

https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.