CVE-2023-32750 - Server-Side Request Forgery (SSRF) vulnerability in Pydio Cells
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Pydio Cells through 4.1.2 allows SSRF. For longer-running processes, Pydio Cells allows the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send an HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://www.redteam-pentesting.de/advisories/rt-sa-2023-005/
- https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses