First published: Thu Sep 30 2021(Updated: )
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Abstrium Pydio Cells | =2.2.9 | |
Abstrium Pydio Cells | =2.2.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Pydio Cells vulnerability is CVE-2021-41324.
The severity of CVE-2021-41324 is medium, with a severity value of 6.5.
The affected software version of CVE-2021-41324 is Pydio Cells 2.2.9.
The vulnerability in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files by exploiting directory traversal in the Copy, Move, and Delete features.
To fix CVE-2021-41324, it is recommended to update Pydio Cells to version 2.2.12 or later.