PT-2020-13295 · Pydio · Pydio Cells Enterprise Ovf

Published: 2020-06-11 · Updated: 2020-06-22 · CVE-2020-12850

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Pydio Cells Enterprise OVF version 2.0.4; Pydio Cells Enterprise OVF versions prior to 2.0.4
Description: The issue is insecure permissions that could allow local privilege escalation. In version 2.0.4 of the appliance, the pydio user runs services and binaries, including mysqld and cells, with restricted privileges. Prior versions apply a looser sudo policy that allows the pydio user to execute any privileged command via sudo.
Recommendations: For Pydio Cells Enterprise OVF version 2.0.4, consider restricting the pydio user's privileges so that it can only run the necessary services and binaries. For Pydio Cells Enterprise OVF versions prior to 2.0.4, tighten the sudo policy to limit the pydio user's ability to execute privileged commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
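To check an appliance for the overly broad sudo grant the advisory describes, here is an added example that is not part of the advisory or of Pydio's code: a small sudoers scanner run over two constructed policy fragments, one modelled on the pre-2.0.4 style `ALL` grant and one on a restricted grant. The service command paths in the restricted fragment are assumed for illustration, not taken from the appliance.

```python
import re
from dataclasses import dataclass, field

# Constructed sudoers fragments modelling the two policies in the advisory.
# The command paths in the restricted rule are assumptions, not appliance values.
PERMISSIVE_SUDOERS = """
Defaults env_reset
root ALL=(ALL:ALL) ALL
# pre-2.0.4 style grant: pydio may run any command as root, no password
pydio ALL=(ALL) NOPASSWD: ALL
"""
RESTRICTED_SUDOERS = """
Defaults env_reset
root ALL=(ALL:ALL) ALL
# 2.0.4 style grant (assumed paths): only the service commands pydio needs
pydio ALL=(root) NOPASSWD: /usr/bin/systemctl restart mysqld, /usr/bin/systemctl restart cells
"""

# user  hosts = (runas) [tags:] command list
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG_RE = re.compile(r"\b(?:NO)?(?:PASSWD|SETENV|EXEC|LOG_INPUT|LOG_OUTPUT):\s*")
SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias", "@include")

@dataclass
class Finding:
    user: str
    runas: str          # sudo runs commands as root when no run-as target is given
    nopasswd: bool
    commands: list = field(default_factory=list)

def unrestricted_sudo_rules(sudoers_text, user):
    """Return the user specifications that grant `user` the ALL command via sudo."""
    findings = []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (and legacy #include lines)
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m or m.group("who") != user:
            continue
        cmd_spec = m.group("cmds")
        commands = [TAG_RE.sub("", c).strip() for c in cmd_spec.split(",")]
        if "ALL" in commands:
            findings.append(Finding(user, m.group("runas") or "root",
                                    "NOPASSWD:" in cmd_spec, commands))
    return findings

if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE_SUDOERS), ("restricted", RESTRICTED_SUDOERS)):
        print(name, unrestricted_sudo_rules(text, "pydio"))
```

On a real host the same function can be fed the contents of /etc/sudoers and /etc/sudoers.d/* (read as root) to list every account with an unrestricted grant.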

Exploit

Weakness Enumeration: Improper Privilege Management


Related Identifiers: CVE-2020-12850

Affected Products: Pydio Cells Enterprise OVF