CVE-2021-41324
MEDIUMPydio Cells 2.2.9 - Authenticated Directory Traversal via Copy/Move/Delete Features
Title source: llmDescription
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).
References (3)
Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://pydio.com/fr/community/releases/pydio-cells/pydio-cells-enterprise-2212
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/pydio/cells/releases/tag/v2.2.12
Third Party Advisory x_refsource_misc
https://charonv.net/Pydio-Broken-Access-Control/
Scores
CVSS v3
6.5
EPSS
0.0206
EPSS Percentile
78.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
pydio/cells
2.2.9 (2 CPE variants)
Published
Sep 30, 2021
Tracked Since
Feb 18, 2026