Seafile Security Vulnerabilities
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
7.5CVSS
7.4AI Score
0.002EPSS
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
7.8CVSS
7.5AI Score
0.0004EPSS
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
7.5CVSS
7.4AI Score
0.002EPSS
The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory.
7.8CVSS
7.5AI Score
0.001EPSS
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."
5.4CVSS
5.2AI Score
0.001EPSS
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the ...
7.4CVSS
5.5AI Score
0.001EPSS
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
5.4CVSS
5.2AI Score
0.0004EPSS
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.
6.1CVSS
6.2AI Score
0.0005EPSS