Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-43820

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-14 Dec, 2021 | 18:55
Updated At-04 Aug, 2024 | 04:03
Rejected At-
Credits

Permissions check bypass in Seafile

Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:14 Dec, 2021 | 18:55
Updated At:04 Aug, 2024 | 04:03
Rejected At:
▼CVE Numbering Authority (CNA)
Permissions check bypass in Seafile

Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.

Affected Products
Vendor
haiwen
Product
seafile-server
Versions
Affected
  • Community Edition < 8.0.8
  • Pro Edition < 8.0.15
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639: Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639: Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
x_refsource_CONFIRM
https://github.com/haiwen/seafile-server/pull/520
x_refsource_MISC
Hyperlink: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/haiwen/seafile-server/pull/520
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
x_refsource_CONFIRM
x_transferred
https://github.com/haiwen/seafile-server/pull/520
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/haiwen/seafile-server/pull/520
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:14 Dec, 2021 | 19:15
Updated At:21 Dec, 2021 | 17:17

Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
seafile
seafile
>>seafile_server>>Versions before 8.0.8(exclusive)
cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*
seafile
seafile
>>seafile_server>>Versions before 8.0.15(exclusive)
cpe:2.3:a:seafile:seafile_server:*:*:*:*:professional:*:*:*
seafile
seafile
>>seafile_server>>Versions from 9.0.0(inclusive) to 9.0.2(exclusive)
cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*
Weaknesses
CWE IDTypeSource
CWE-639Primarysecurity-advisories@github.com
CWE ID: CWE-639
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/haiwen/seafile-server/pull/520security-advisories@github.com
Patch
Third Party Advisory
https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8security-advisories@github.com
Third Party Advisory
Hyperlink: https://github.com/haiwen/seafile-server/pull/520
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
Source: security-advisories@github.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

10Records found
CVE-2024-12483
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.88% / 74.47%
||
7 Day CHG+0.12%
Published-11 Dec, 2024 | 20:00
Updated-13 Dec, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dromara UJCMS User ID id authorization

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-ujcmsDromara
Product-ujcmsUJCMS
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-285
Improper Authorization
CVE-2023-51503
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 24.83%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 17:59
Updated-26 Aug, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.

Action-Not Available
Vendor-Automattic Inc.
Product-woopaymentsWooPayments – Fully Integrated Solution Built and Supported by Woo
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-13998
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 01:59
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenappn/axenapp
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-21022
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.54%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:29
Updated-16 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magento Commerce Incorrect permissions Could Lead To Unauthorized Access

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Action-Not Available
Vendor-magentoAdobe Inc.
Product-magentoMagento Commerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-21012
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.62% / 69.25%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 22:35
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-magento_open_sourcemagento_commerceMagento Commerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-9219
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.19% / 41.48%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 16:43
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2019-16546
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.85%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:11
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

Action-Not Available
Vendor-Jenkins
Product-google_compute_engineJenkins Google Compute Engine Plugin
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-8261
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 13.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 14:21
Updated-10 Mar, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Proliz Software's OBS

Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.

Action-Not Available
Vendor-prolizyazilimProliz Software
Product-student_affairs_information_systemOBS
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-25336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.14%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 17:49
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.

Action-Not Available
Vendor-ibexan/a
Product-ez_platform_kerneln/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-22190
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-1.00% / 76.02%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 15:50
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selective share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-paragon_active_assurance_control_centerParagon Active Assurance
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
Details not found