Vulnerabilities > CVE-2021-41325 - Unspecified vulnerability in Pydio Cells 2.2.9

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

pydio

NVD

Published: 2021-09-30

Updated: 2022-07-12

Summary

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)

Vulnerable Configurations

Part	Description	Count
Application	Pydio Pydio Cells 2.2.9	2

References

https://github.com/pydio/cells/releases/tag/v2.2.12
https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212
https://charonv.net/Pydio-Broken-Access-Control/