PT-2023-23999 · Pydio · Pydio Cells
Published: 2023-06-03 · Updated: 2025-01-06 · CVE-2023-32750
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pydio Cells versions 4.1.2 and earlier
Description
The vulnerability allows Server-Side Request Forgery (SSRF) in Pydio Cells through the creation of background jobs, specifically the "remote-download" job. That job makes the backend send an HTTP GET request to a user-specified URL and save the response as a new file, which then becomes available in a user-specified folder.
Recommendations
For versions 4.1.2 and earlier, consider disabling the "remote-download" job as a temporary workaround until a patch is available. Restrict access to the job creation feature to minimize the risk of exploitation.
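The underlying defect is that a background job fetches whatever URL the user supplies, so the backend can be pointed at loopback, private or link-local addresses. The following Go code is an added example and is not Pydio's code: it shows the kind of check a remote-download job should apply before fetching (scheme allowlist, resolution of the host, rejection of internal address ranges) and how to pin the fetch to the vetted address so that a DNS answer cannot change between check and use. All function names (`CheckRemoteDownloadURL`, `PinnedClient`, `Resolver`) and the sample hostnames are assumptions for illustration.

```go
// Added example, not Pydio's code: vetting a user-supplied URL before a
// server-side "remote-download" style fetch. Names are assumed.
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"regexp"
	"time"
)

// Resolver abstracts DNS lookup so the check can be exercised offline.
type Resolver func(host string) ([]net.IP, error)

// Only plain DNS hostnames are accepted; odd numeric spellings (octal,
// hex, shortened dotted forms) never reach the resolver.
var hostnameRe = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?$`)

// Ranges not covered by net.IP's own classification helpers.
var extraBlocked = mustCIDRs("0.0.0.0/8", "100.64.0.0/10", "192.0.0.0/24", "198.18.0.0/15", "240.0.0.0/4")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	var out []*net.IPNet
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

// isInternal reports whether a server-side fetch must never reach ip:
// loopback, RFC 1918, link-local (which covers cloud metadata endpoints),
// unspecified, multicast, plus the extra ranges above. IPv4-mapped IPv6
// literals are normalised by the To4 call inside these helpers.
func isInternal(ip net.IP) bool {
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsMulticast() || ip.IsInterfaceLocalMulticast() || ip.IsUnspecified() {
		return true
	}
	for _, n := range extraBlocked {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// CheckRemoteDownloadURL accepts only http(s) URLs whose host resolves
// exclusively to public addresses. It returns the vetted address so the
// caller dials exactly that, closing the DNS-rebinding window.
func CheckRemoteDownloadURL(raw string, resolve Resolver) (net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("credentials in URL not allowed")
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("empty host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip}
	} else {
		if !hostnameRe.MatchString(host) {
			return nil, fmt.Errorf("host %q is not a plain hostname", host)
		}
		if ips, err = resolve(host); err != nil || len(ips) == 0 {
			return nil, fmt.Errorf("cannot resolve %q", host)
		}
	}
	// Every answer must be public: one internal A record is enough to reject.
	for _, ip := range ips {
		if isInternal(ip) {
			return nil, fmt.Errorf("host %q resolves to internal address %s", host, ip)
		}
	}
	return ips[0], nil
}

// PinnedClient dials the vetted IP regardless of what the hostname resolves
// to at fetch time and refuses redirects, which would otherwise let a public
// host bounce the request to an internal one. TLS verification still uses
// the hostname from the request URL, so certificate checks are unaffected.
func PinnedClient(ip net.IP) *http.Client {
	dialer := &net.Dialer{Timeout: 10 * time.Second}
	tr := &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			_, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			return dialer.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
		},
	}
	return &http.Client{
		Transport:     tr,
		Timeout:       30 * time.Second,
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse },
	}
}

// SystemResolver is the resolver to pass in production.
func SystemResolver(host string) ([]net.IP, error) {
	return net.DefaultResolver.LookupIP(context.Background(), "ip", host)
}
```

In production the job handler would call `CheckRemoteDownloadURL(userURL, SystemResolver)`, then perform the GET with `PinnedClient(ip)`; rejected URLs should be logged with the requesting user, since repeated attempts to reach loopback or metadata addresses are a useful detection signal. This complements, rather than replaces, the access restriction recommended above.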
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Pydio Cells