CVE-2021-41323
MEDIUM
Pydio Cells 2.2.9 - Authenticated Path Traversal via Compress Feature Format Parameter
Title source: llm
Description
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.
References (3)
Core References
Product, Vendor Advisory x_refsource_misc
https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/pydio/cells/releases/tag/v2.2.12
Third Party Advisory x_refsource_misc
https://charonv.net/Pydio-Broken-Access-Control/
Scores
CVSS v3
6.5
EPSS
0.0202
EPSS Percentile
78.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
pydio/cells
2.2.9 (2 CPE variants)
Published
Sep 30, 2021
Tracked Since
Feb 18, 2026