CVE-2021-41324

Source
https://cve.org/CVERecord?id=CVE-2021-41324
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41324.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-41324
Published
2021-09-30T21:15:08.033Z
Modified
2026-07-08T06:03:35.419517047Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).

References

Affected packages

Git / github.com/pydio/cells

Affected ranges

Type
GIT
Repo
https://github.com/pydio/cells
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:pydio:cells:2.2.9:*:*:*:-:*:*:*",
        "cpe:2.3:a:pydio:cells:2.2.9:*:*:*:enterprise:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.2.9"
        },
        {
            "last_affected": "2.2.9"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.2.9
v2.*
v2.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41324.json"