Unrated severityNVD Advisory· Published Jun 8, 2023· Updated Jan 6, 2025
CVE-2023-32749
CVE-2023-32749
Description
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Pydio/Cellsdescription
Patches
Vulnerability mechanics
References
4- seclists.org/fulldisclosure/2023/May/18mitremailing-list
- packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.htmlmitre
- www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analysesmitre
- www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignmentsmitre
News mentions
0No linked articles in our index yet.