PT-2021-23956 · Seafile · Seafile

Published: 2021-12-14 · Updated: 2021-12-21
CVE: CVE-2021-43820
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Seafile (affected versions not specified)
Description: Seafile, an open source cloud storage system, uses a sync token in its file-syncing protocol to authorize access to library data. To improve performance, the server caches the token in memory. When a presented token is found in the cache, the server does not check that the token is actually bound to the library whose ID appears in the request URL; the binding is only checked on the slow path, when the token has to be looked up from storage. As a result, any valid sync token (for example one issued for the attacker's own library) grants read and write access to any other library whose ID the attacker knows. Library IDs are random UUIDs, so the attacker must obtain the target ID by some other means first, which is why the attack complexity is rated High and there is no availability impact in the vector.
Recommendations: At the moment, this page records no newer version that contains a fix for this vulnerability; check the GHSA advisory listed under Related Identifiers for vendor fix information. Until a fixed build is deployed, treat library IDs as sensitive and watch for a single sync token being used against more than one library ID, which is the signature of this abuse.
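The following is an added illustration of the flaw described above, not Seafile's own code: a token cache keyed by the token alone, where a cache hit short-circuits the token-to-library binding check, placed beside a hardened version that applies the check on every request. The class and function names, the sample tokens and the library UUIDs are all constructed for the example.

```python
"""CVE-2021-43820 pattern: a sync-token cache that loses the token->library binding.

Added example, not Seafile's implementation. SyncTokenAuthorizer, run_scenario
and all sample data are hypothetical names/values chosen for this illustration.
"""
from __future__ import annotations

import secrets
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenInfo:
    """What a sync token is bound to when it is issued."""
    repo_id: str   # the one library this token may access
    user: str


class SyncTokenAuthorizer:
    """Server-side token check with an in-memory cache in front of a token table.

    authorize_vulnerable() reproduces the flaw (a cache hit is trusted for any
    library ID in the URL); authorize_fixed() checks the binding on every
    request, whether the token record came from the cache or from storage.
    """

    def __init__(self) -> None:
        self._db: dict[str, TokenInfo] = {}     # persistent token table (slow path)
        self._cache: dict[str, TokenInfo] = {}  # memory cache keyed by token only
        self.db_lookups = 0                     # counts slow-path hits for the demo

    def issue_token(self, repo_id: str, user: str) -> str:
        token = secrets.token_hex(20)           # 40 hex chars, sync-token sized
        self._db[token] = TokenInfo(repo_id, user)
        return token

    def _lookup_db(self, token: str) -> TokenInfo | None:
        self.db_lookups += 1
        return self._db.get(token)

    def authorize_vulnerable(self, token: str, url_repo_id: str) -> TokenInfo | None:
        """Flawed: a cached token is accepted for whatever repo_id the URL names."""
        info = self._cache.get(token)
        if info is not None:
            return info                          # BUG: info.repo_id never compared to url_repo_id
        info = self._lookup_db(token)
        if info is None or info.repo_id != url_repo_id:
            return None                          # slow path does check the binding
        self._cache[token] = info                # first legitimate use warms the cache
        return info

    def authorize_fixed(self, token: str, url_repo_id: str) -> TokenInfo | None:
        """Hardened: lookup first (cache or storage), then always check the binding."""
        info = self._cache.get(token)
        if info is None:
            info = self._lookup_db(token)
            if info is None:
                return None
            self._cache[token] = info
        if info.repo_id != url_repo_id:
            return None                          # valid token, wrong library
        return info


def run_scenario(use_fixed: bool) -> dict[str, bool]:
    """Attacker holds a valid token for their own library and has already learned
    the victim's library UUID (constructed sample data)."""
    auth = SyncTokenAuthorizer()
    check = auth.authorize_fixed if use_fixed else auth.authorize_vulnerable
    victim_repo = str(uuid.uuid4())
    attacker_repo = str(uuid.uuid4())
    auth.issue_token(victim_repo, "victim")
    attacker_token = auth.issue_token(attacker_repo, "attacker")

    cold_cross = check(attacker_token, victim_repo) is not None   # cache is empty
    own = check(attacker_token, attacker_repo) is not None        # legitimate use, warms cache
    lookups_before = auth.db_lookups
    warm_cross = check(attacker_token, victim_repo) is not None   # cache hit
    served_from_cache = auth.db_lookups == lookups_before
    return {
        "cold_cache_cross_library": cold_cross,
        "own_library": own,
        "warm_cache_cross_library": warm_cross,
        "warm_request_served_from_cache": served_from_cache,
    }


if __name__ == "__main__":
    for label, fixed in (("vulnerable", False), ("fixed", True)):
        print(label, run_scenario(use_fixed=fixed))
```

With the vulnerable path, the cross-library request is refused while the cache is cold and granted as soon as the attacker has made one legitimate request with their own token; the hardened path refuses it in both states, and the only difference between the two is where the `repo_id` comparison sits relative to the cache lookup.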

Weakness Enumeration

IDOR (insecure direct object reference): the library ID in the URL is accepted without verifying that the presented token is bound to it

Related Identifiers

CVE-2021-43820
GHSA-M3WC-JV6R-HVV8

Affected Products

Seafile