What is CVE-2023-32749?

CVE-2023-32749 is a vulnerability in N/a. Published 2023-06-08.

Is CVE-2023-32749 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By ass…

EPSS: 0.538 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

alaeddine03/CVE-2023-32749-PoC
xcr-19/CVE-2023-32749
ARPSyndicate/cve-scores
nomi-sec/PoC-in-GitHub

References

www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-an…
20230530 [RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments (mailing-list)
packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html
www.redteam-pentesting.de/en/advisories/rt-sa-2023-003/-pydio-cells-unauthorise…

Frequently asked questions

What is CVE-2023-32749?: CVE-2023-32749 is a vulnerability in N/a. Published 2023-06-08.
Is CVE-2023-32749 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.