OpenCVE

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pydio	Cells

Configuration 1 [-]

OR	cpe:2.3:a:pydio:cells::::::::
	cpe:2.3:a:pydio:cells::::::::

No data.

References

Link	Providers
https://www.redteam-pentesting.de/advisories/rt-sa-2023-004/
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-08T00:00:00

Updated: 2024-08-02T15:25:36.998Z

Reserved: 2023-05-15T00:00:00

Link: CVE-2023-32751

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-08T21:15:17.427

Modified: 2024-11-21T08:03:58.400

Link: CVE-2023-32751

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC5DD7AD-4965-45AF-96FF-DD160981D87F", "versionEndExcluding": "3.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*", "matchCriteriaId": "5644B716-3AA9-4591-A7B1-9356183B93FD", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript [1]. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross-site scripting vulnerability."}, {"lang": "es", "value": "Pydio Cells en la versi\u00f3n 4.1.2 permite ataques de Cross-Site Scripting (XSS). Pydio Cells implementa la descarga de archivos utilizando URLs prefirmadas que se generan utilizando el SDK de Amazon AWS para JavaScript. Los secretos utilizados para firmar estas URLs est\u00e1n codificados y expuestos a trav\u00e9s de los archivos JavaScript de la aplicaci\u00f3n web. Por lo tanto, es posible generar firmas v\u00e1lidas para URLs de descarga arbitrarias. Al cargar un archivo HTML y modificar la URL de descarga para servir el archivo en l\u00ednea en lugar de como un archivo adjunto, cualquier c\u00f3digo JavaScript incluido se ejecuta cuando la URL se abre en un navegador, lo que conduce a una vulnerabilidad de Cross-Site Scripting. "}], "id": "CVE-2023-32751", "lastModified": "2024-11-21T08:03:58.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-08T21:15:17.427", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2023-004/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2023-004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}