{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:53:02.489","vulnerabilities":[{"cve":{"id":"CVE-2021-43820","sourceIdentifier":"security-advisories@github.com","published":"2021-12-14T19:15:07.617","lastModified":"2024-11-21T06:29:51.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue."},{"lang":"es","value":"Seafile es un sistema de almacenamiento en la nube de código abierto. En el protocolo de sincronización de archivos de Seafile es usado un token de sincronización para autorizar el acceso a los datos de la biblioteca. Para mejorar el rendimiento, el token es almacenado en la memoria del servidor Seaf. Al recibir un token del cliente de sincronización o del cliente SeaDrive, el servidor comprueba si el token se presenta en la caché. Sin embargo, si el token se presenta en la caché, el servidor no comprueba si está asociado a la biblioteca específica en la URL. Esta vulnerabilidad permite usar cualquier token de sincronización válido para acceder a los datos de cualquier biblioteca **known**. Tenga en cuenta que el atacante debe averiguar primero el ID de una biblioteca a la que no presenta acceso. El ID de la biblioteca es un UUID aleatorio, que no es posible adivinar. No se presentan soluciones para este problema"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*","versionEndExcluding":"8.0.8","matchCriteriaId":"58002BD3-0F91-43BA-B2A5-795057DAEA71"},{"vulnerable":true,"criteria":"cpe:2.3:a:seafile:seafile_server:*:*:*:*:professional:*:*:*","versionEndExcluding":"8.0.15","matchCriteriaId":"23BB449E-446B-490F-982B-FD5720302333"},{"vulnerable":true,"criteria":"cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.2","matchCriteriaId":"54565D96-E035-4CB3-8AF0-8ED3EB98D81B"}]}]}],"references":[{"url":"https://github.com/haiwen/seafile-server/pull/520","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/haiwen/seafile-server/pull/520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}