CVE-2020-12848

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed.

CVSS v3 5.4 MEDIUM
CVSS v2.0 5.8 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html	Third Party Advisory
https://www.coresecurity.com/advisories	Third Party Advisory
https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pydio:cells:2.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-05 13:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-12848

Mitre link : CVE-2020-12848

CVE.ORG link : CVE-2020-12848

JSON object : View

Products Affected

pydio

cells

CWE

CWE-287

Improper Authentication

{"id": "CVE-2020-12848", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2020-06-05T13:15:10.617", "references": [{"url": "http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.coresecurity.com/advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed."}, {"lang": "es", "value": "En Pydio Cells versi\u00f3n 2.0.4, una vez que un usuario autenticado comparte un archivo seleccionando la opci\u00f3n create a public link, se crea una cuenta de usuario compartida oculta en el backend con un nombre de usuario aleatorio. Un usuario an\u00f3nimo que obtiene un enlace p\u00fablico valido puede obtener el nombre de usuario y la contrase\u00f1a ocultos asociados a la cuenta y proceder a iniciar sesi\u00f3n en la aplicaci\u00f3n web. Una vez que haya iniciado sesi\u00f3n en la aplicaci\u00f3n web con la cuenta de usuario oculta, ahora se pueden llevar a cabo algunas acciones que no estaban disponibles con el enlace p\u00fablico compartido"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pydio:cells:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DD71F82-734C-4DDA-B136-C26C71116D01"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}