CVE-2023-32749 - OpenCVE

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pydio	Cells

Configuration 1 [-]

OR	cpe:2.3:a:pydio:cells::::::::
	cpe:2.3:a:pydio:cells::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2023/May/18
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-08T00:00:00

Updated: 2024-08-02T15:25:37.025Z

Reserved: 2023-05-15T00:00:00

Link: CVE-2023-32749

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-08T20:15:09.430

Modified: 2023-06-15T18:54:39.543

Link: CVE-2023-32749

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-32749", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T15:25:37.025Z", "dateReserved": "2023-05-15T00:00:00", "datePublished": "2023-06-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-08T00:00:00"}, "descriptions": [{"lang": "en", "value": "Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"}, {"name": "20230530 [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/May/18"}, {"url": "http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html"}, {"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:37.025Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses", "tags": ["x_transferred"]}, {"name": "20230530 [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/May/18"}, {"url": "http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html", "tags": ["x_transferred"]}, {"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC5DD7AD-4965-45AF-96FF-DD160981D87F", "versionEndExcluding": "3.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*", "matchCriteriaId": "5644B716-3AA9-4591-A7B1-9356183B93FD", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted."}], "id": "CVE-2023-32749", "lastModified": "2023-06-15T18:54:39.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-08T20:15:09.430", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/May/18"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorised-role-assignments"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}