Abstrium Pydio Cells User Creation resource injection
Description
A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 addresses this issue, and upgrading the affected component is recommended. The identifier of this vulnerability is VDB-230212.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A critical vulnerability in Pydio Cells 4.2.0 allows remote attackers to control resource identifiers via the User Creation Handler, enabling unauthorized access.
Overview
CVE-2023-2980 is a critical vulnerability found in Abstrium Pydio Cells version 4.2.0, specifically in the User Creation Handler component. The flaw leads to improper control of resource identifiers, allowing an attacker to manipulate identifiers during user creation. This vulnerability can be exploited remotely without authentication, making it highly dangerous for unpatched instances [1].
Exploitation
Attackers can initiate the exploit remotely by sending crafted requests to the User Creation Handler. The manipulation of resource identifiers may allow an attacker to create users with elevated privileges or access resources that should be restricted. The exploit has been publicly disclosed, increasing the risk of widespread use [1].
Impact
Successful exploitation could lead to unauthorized access to sensitive data, privilege escalation, and full compromise of the affected Pydio Cells instance. Given the collaborative nature of the platform, this could expose confidential files and user accounts [1].
Mitigation
The vendor addressed the vulnerability in version 4.2.1. Users are strongly advised to upgrade immediately. No workarounds are mentioned in the advisory [1]. The official GitHub repository for Pydio Cells indicates ongoing development, and affected users should follow upgrade instructions provided by the vendor [2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/pydio/cells/v4 (Go) | < 4.2.1 | 4.2.1 |
Affected products
- Range: <=4.2.0
- Abstrium/Pydio Cells, v5, Range: 4.2.0
Patches
No patches discovered yet.
References
- pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 (ghsa, patch, WEB)
- popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be (ghsa, exploit, WEB)
- github.com/advisories/GHSA-j327-c69h-4gh8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-2980 (ghsa, ADVISORY)
- vuldb.com (ghsa, signature, permissions-required, WEB)
- vuldb.com (ghsa, vdb-entry, technical-description, WEB)