Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary.
AnalysisAI
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary. Affected products include: Pydio Cells.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Pydio Cells allows users by default to create so-called external users in order to share files with them. Rated high sev
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Rated high severity (CVSS 7.0)
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key
Pydio Cells through 4.1.2 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low
Pydio Cells 2.0.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentic
Pydio Cells through 4.1.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user r
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden share
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enu
Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today