PT-2021-23277 · Pydio · Pydio Cells
Robin Descamps · Published 2021-09-30 · Updated 2021-10-07 · CVE-2021-41323
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Pydio Cells version 2.2.9
Description
The issue allows remote authenticated users to overwrite personal files or Cells files belonging to any user via the format parameter in the Compress feature.
Recommendations
For Pydio Cells version 2.2.9, consider restricting access to the Compress feature until a patch is available. As a temporary workaround, avoid using the format parameter in the Compress feature to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Pydio Cells