PT-2023-22416 · Abstrium · Abstrium Pydio Cells

Ignatiusmichael

Publicado

2023-05-30

Atualizado

2024-08-20

CVE-2023-2978

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Abstrium Pydio Cells version 4.2.0

Description A vulnerability was found in the component Change Subscription Handler, which leads to authorization bypass. The manipulation of this component can be exploited, and it has been disclosed to the public. Upgrading to version 4.2.1 is able to address this issue.

Recommendations For Abstrium Pydio Cells version 4.2.0, upgrade to version 4.2.1 to address the issue. As a temporary workaround, consider restricting access to the Change Subscription Handler component until the upgrade is applied.

Exploit

Correção

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639

Identificadores relacionados

CVE-2023-2978

GHSA-MV7X-27PC-8C96

GO-2023-1808

Produtos afetados

Abstrium Pydio Cells

PT-2023-22416 · Abstrium · Abstrium Pydio Cells

CVE-2023-2978

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11