CVE-2021-41324

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-41324
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41324.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-41324
Published
2021-09-30T21:15:08.033Z
Modified
2026-04-10T04:38:28.800035Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).

References

Affected packages

Git / github.com/pydio/cells

Affected ranges

Type
GIT
Repo
https://github.com/pydio/cells
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf8dab5674c7ec0aa9237b657f006146c9c16f6e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf8dab5674c7ec0aa9237b657f006146c9c16f6e
Fixed
3cf641708e40fa76ec064b283796d28e831587f2
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.9"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.0.1
v1.2.0
v1.2.1
v1.2.2
v1.4.0
v1.5.0
v2.*
v2.0.0
v2.0.2-dev.20191219
v2.0.3
v2.0.5
v2.1.0
v2.1.0-rc0
v2.1.2
v2.1.3
v2.1.5
v2.1.6
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc4
v2.2.1
v2.2.11
v2.2.4
v2.2.5
v2.2.8
v2.2.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41324.json"