PT-2023-22416 · Abstrium · Abstrium Pydio Cells
Ignatiusmichael
·
Published
2023-05-30
·
Updated
2024-08-20
·
CVE-2023-2978
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Abstrium Pydio Cells version 4.2.0
Description
A vulnerability was found in the component Change Subscription Handler, which leads to authorization bypass. The manipulation of this component can be exploited, and it has been disclosed to the public. Upgrading to version 4.2.1 is able to address this issue.
Recommendations
For Abstrium Pydio Cells version 4.2.0, upgrade to version 4.2.1 to address the issue. As a temporary workaround, consider restricting access to the Change Subscription Handler component until the upgrade is applied.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Abstrium Pydio Cells