Vulnerability Description
Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pydio | Cells | < 3.0.12 |
Related Weaknesses (CWE)
References
- https://www.redteam-pentesting.de/advisories/rt-sa-2023-005/ExploitThird Party Advisory
- https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerabiThird Party Advisory
- https://www.redteam-pentesting.de/advisories/rt-sa-2023-005/ExploitThird Party Advisory
- https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerabiThird Party Advisory
FAQ
What is CVE-2023-32750?
CVE-2023-32750 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the ba...
How severe is CVE-2023-32750?
CVE-2023-32750 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32750?
Check the references section above for vendor advisories and patch information. Affected products include: Pydio Cells.