
    3 vulnerabilities by haiwen

    CVE-2026-56768 (GCVE-0-2026-56768)

    Vulnerability from cvelistv5 – Published: 2026-06-25 18:05 – Updated: 2026-06-25 18:05 X_Open Source
    Title
    Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method
    Summary
    Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, so unauthenticated users can bypass the share-link login requirement. An attacker who holds a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    haiwen seahub Affected: 0 , < 13.0.23 (semver)
    Date Public
    2026-05-29 00:00
    Credits
    George Chen

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "seahub",
              "repo": "https://github.com/haiwen/seahub",
              "vendor": "haiwen",
              "versions": [
                {
                  "lessThan": "13.0.23",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "George Chen"
            }
          ],
          "datePublic": "2026-05-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T18:05:06.817Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Release Notes",
              "tags": [
                "release-notes"
              ],
              "url": "https://plus.seafile.com/wiki/publish/seafile-wiki/v5D5/"
            },
            {
              "name": "GitHub Issue",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/haiwen/seahub/issues/9050"
            },
            {
              "name": "Patch Commit (1)",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/haiwen/seahub/commit/b609949cf64ed6a15708d0fb5ea9c179962e23cc"
            },
            {
              "name": "Patch Commit (2)",
              "tags": [
                "patch"
              ],
              "url": "https://github.com/haiwen/seahub/commit/162cddae0831188d02bb8d451dc2193e197dcc57"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/seahub-authentication-bypass-in-sharelinkziptaskview-get-method"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Seahub \u003c 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-56768",
        "datePublished": "2026-06-25T18:05:06.817Z",
        "dateReserved": "2026-06-22T21:55:17.942Z",
        "dateUpdated": "2026-06-25T18:05:06.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-43820 (GCVE-0-2021-43820)

    Vulnerability from cvelistv5 – Published: 2021-12-14 18:55 – Updated: 2024-08-04 04:03
    Title
    Permissions check bypass in Seafile
    Summary
    Seafile is an open source cloud storage system. A sync token is used in the Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from a sync client or SeaDrive client, the server checks whether the token exists in the cache. However, if the token exists in the cache, the server doesn't check whether it is associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker first has to find out the ID of a library to which they have no access. The library ID is a random UUID, which cannot be guessed. There are no workarounds for this issue.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    haiwen seafile-server Affected: Community Edition < 8.0.8
    Affected: Pro Edition < 8.0.15

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:03:09.080Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/haiwen/seafile-server/pull/520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "seafile-server",
              "vendor": "haiwen",
              "versions": [
                {
                  "status": "affected",
                  "version": "Community Edition \u003c 8.0.8"
                },
                {
                  "status": "affected",
                  "version": "Pro Edition \u003c 8.0.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-14T18:55:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/haiwen/seafile-server/pull/520"
            }
          ],
          "source": {
            "advisory": "GHSA-m3wc-jv6r-hvv8",
            "discovery": "UNKNOWN"
          },
          "title": "Permissions check bypass in Seafile",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-43820",
              "STATE": "PUBLIC",
              "TITLE": "Permissions check bypass in Seafile"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "seafile-server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Community Edition \u003c 8.0.8"
                              },
                              {
                                "version_value": "Pro Edition \u003c 8.0.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "haiwen"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639: Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
                },
                {
                  "name": "https://github.com/haiwen/seafile-server/pull/520",
                  "refsource": "MISC",
                  "url": "https://github.com/haiwen/seafile-server/pull/520"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-m3wc-jv6r-hvv8",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-43820",
        "datePublished": "2021-12-14T18:55:10.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:03:09.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43820 (GCVE-0-2021-43820)

    Vulnerability from nvd – Published: 2021-12-14 18:55 – Updated: 2024-08-04 04:03
    Title
    Permissions check bypass in Seafile
    Summary
    Seafile is an open source cloud storage system. A sync token is used in the Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from a sync client or SeaDrive client, the server checks whether the token exists in the cache. However, if the token exists in the cache, the server doesn't check whether it is associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker first has to find out the ID of a library to which they have no access. The library ID is a random UUID, which cannot be guessed. There are no workarounds for this issue.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    haiwen seafile-server Affected: Community Edition < 8.0.8
    Affected: Pro Edition < 8.0.15

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:03:09.080Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/haiwen/seafile-server/pull/520"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "seafile-server",
              "vendor": "haiwen",
              "versions": [
                {
                  "status": "affected",
                  "version": "Community Edition \u003c 8.0.8"
                },
                {
                  "status": "affected",
                  "version": "Pro Edition \u003c 8.0.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-14T18:55:10.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/haiwen/seafile-server/pull/520"
            }
          ],
          "source": {
            "advisory": "GHSA-m3wc-jv6r-hvv8",
            "discovery": "UNKNOWN"
          },
          "title": "Permissions check bypass in Seafile",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-43820",
              "STATE": "PUBLIC",
              "TITLE": "Permissions check bypass in Seafile"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "seafile-server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Community Edition \u003c 8.0.8"
                              },
                              {
                                "version_value": "Pro Edition \u003c 8.0.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "haiwen"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639: Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
                },
                {
                  "name": "https://github.com/haiwen/seafile-server/pull/520",
                  "refsource": "MISC",
                  "url": "https://github.com/haiwen/seafile-server/pull/520"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-m3wc-jv6r-hvv8",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-43820",
        "datePublished": "2021-12-14T18:55:10.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:03:09.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }