Vulnerabilities > CVE-2019-12902 - Incomplete Cleanup vulnerability in Pydio Cells

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
pydio
CWE-459

Summary

Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.

Common Weakness Enumeration (CWE)