What is CVE-2023-2978?

CVE-2023-2978 is a medium-severity vulnerability in Abstrium Pydio Cells, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 4.6/10. Published 2023-05-30.

How severe is CVE-2023-2978?

Medium severity. CVSS v3 base score is 4.6 out of 10.

Auth bypass in Abstrium Pydio Cells

CVE-2023-2978

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. T…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.002 (47.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Abstrium Pydio Cells — versions 4.2.0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

vuldb.com/ (vdb-entry, technical-description)
vuldb.com/ (signature, permissions-required)
pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 (patch)
popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712… (exploit)

Frequently asked questions

What is CVE-2023-2978?: CVE-2023-2978 is a medium-severity vulnerability in Abstrium Pydio Cells, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 4.6/10. Published 2023-05-30.
How severe is CVE-2023-2978?: Medium severity. CVSS v3 base score is 4.6 out of 10.