CVE-2021-41325
6.5 MEDIUM
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile param...
Published: 2021-09-30 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
| Vendor | Product |
|---|---|
| pydio | cells |
Description
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-41325
- [Other] https://charonv.net/Pydio-Broken-Access-Control/
- [Other] https://github.com/pydio/cells/releases/tag/v2.2.12
- [Vendor advisory] https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212
Related CVEs
Same vendor
- CVE-2021-41324 — Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal f... (6.5 MEDIUM)
- CVE-2021-41323 — Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells ... (6.5 MEDIUM)