Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.
References
Link | Resource |
---|---|
https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-in-pydio-cells-1-4-1/ | Release Notes Third Party Advisory |
https://pydio.com/en/community/releases/pydio-cells/pydio-cells-150-performances-features-security | Vendor Advisory |
Configurations
Information
Published : 2019-06-19 17:15
Updated : 2021-07-21 04:39
NVD link : CVE-2019-12902
Mitre link : CVE-2019-12902
JSON object : View
CWE
CWE-459
Incomplete Cleanup
Products Affected
pydio
- cells