PT-2023-22421 · Abstrium · Abstrium Pydio Cells

Ignatiusmichael · Published 2023-05-30 · Updated 2024-08-21 · CVE-2023-2980

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Abstrium Pydio Cells version 4.2.0

Description: A critical vulnerability was found in the User Creation Handler component, leading to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 4.2.1 addresses this issue.

Recommendations: For Abstrium Pydio Cells version 4.2.0, upgrade to version 4.2.1 to address the issue. As a temporary workaround, consider restricting access to the User Creation Handler component until the upgrade is applied.

Exploit · Fix · Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2023-2980
GHSA-J327-C69H-4GH8
GO-2023-2344

Affected Products

Abstrium Pydio Cells