CVE-2020-12850
HIGH EPSS 38.5%
Published Jun 11, 20206y ago · Modified Jun 17, 20262w ago
7.0 CVSS 3.1
Published Jun 11, 2020 6y ago
Last Modified Jun 17, 2026 2w ago
Description
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
38.5% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-269 Improper Privilege Management Authorization
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| pydio | cells | 2.0.4 | any |
References 3
- packetstormsecurity.com http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html
- coresecurity.com https://www.coresecurity.com/advisories
- coresecurity.com https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.