CVE-2021-41325

Name of the Vulnerable Software and Affected Versions Pydio Cells version 2.2.9

Description The issue concerns broken access control for user creation, allowing remote anonymous users to create standard users via the profile parameter. Additionally, such users can be granted several admin permissions via the Roles parameter.

Recommendations For Pydio Cells version 2.2.9, consider disabling the user creation feature until a patch is available to prevent exploitation. Restrict access to the profile and Roles parameters to minimize the risk of unauthorized user creation and permission granting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.