CVE-2023-2978: Authorization Bypass Through User-Controlled Key

May 30, 2023 (updated May 31, 2023)

A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability.

References

github.com/advisories/GHSA-mv7x-27pc-8c96
nvd.nist.gov/vuln/detail/CVE-2023-2978
pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421
vuldb.com/?ctiid.230210
vuldb.com/?id.230210

Code Behaviors & Features

Detect and mitigate CVE-2023-2978 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →