PT-2023-22421 · Abstrium · Abstrium Pydio Cells

Ignatiusmichael

Publicado

2023-05-30

Atualizado

2024-08-21

CVE-2023-2980

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Abstrium Pydio Cells version 4.2.0

Description A critical vulnerability was found in the User Creation Handler component, leading to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 4.2.1 is able to address this issue.

Recommendations For Abstrium Pydio Cells version 4.2.0, upgrade to version 4.2.1 to address the issue. As a temporary workaround, consider restricting access to the User Creation Handler component until the upgrade is applied.

Exploit

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-99

Identificadores relacionados

CVE-2023-2980

GHSA-J327-C69H-4GH8

GO-2023-2344

Produtos afetados

Abstrium Pydio Cells

PT-2023-22421 · Abstrium · Abstrium Pydio Cells

CVE-2023-2980

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12