PT-2019-13011 · Pydio · Pydio Cells
Published
2019-06-19
·
Updated
2021-07-21
·
CVE-2019-12902
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Pydio Cells versions prior to 1.5.0
Description
The issue arises from incomplete cleanup of a user's data when their account is deleted. This allows a new user, who is assigned the same User ID as a previously deleted user, to restore the deleted user's data.
Recommendations
For versions prior to 1.5.0, update to version 1.5.0 or later to ensure complete cleanup of user data upon deletion.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pydio Cells