CVE-2021-41325
First published: Thu Sep 30 2021(Updated: )
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.)
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pydio Cells | =2.2.9 | |
| Pydio Cells | =2.2.9 | |
| =2.2.9 | ||
| =2.2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-41325?
CVE-2021-41325 refers to the vulnerability where broken access control in Pydio Cells 2.2.9 allows remote anonymous users to create standard users and grant admin permissions.
How severe is CVE-2021-41325?
CVE-2021-41325 has a severity keyword of 'medium' and a severity value of 6.5.
How can I fix the CVE-2021-41325 vulnerability?
To fix the CVE-2021-41325 vulnerability, upgrade to Pydio Cells version 2.2.12 or higher.
Where can I find more information about CVE-2021-41325?
You can find more information about CVE-2021-41325 at the following references: [Reference 1](https://charonv.net/Pydio-Broken-Access-Control/), [Reference 2](https://github.com/pydio/cells/releases/tag/v2.2.12), [Reference 3](https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212)
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/pydio
- canonical/pydio cells
- version/pydio cells/2.2.9