CVE-2023-32749

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-32749

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32749.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-32749

Published

2023-06-08T00:00:00Z

Modified

2026-05-08T04:52:03.611676Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32749.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/pydio/cells

Affected ranges

Type

GIT

Repo

https://github.com/pydio/cells

Events

Introduced

d7276aacaea3f7c35ece7c893f4098b89bdc5d90

Fixed

5172c53ade7333e35664d47e56032c274b15a292

Database specific

{
    "cpe": "cpe:2.3:a:pydio:cells:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.3"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32749.json"