CVE-2019-15032

Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
pydiopydio
6.0.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://heitorgouvea.me/2019/09/17/CVE-2019-15032
https://pydio.com
https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/
https://heitorgouvea.me/2019/09/17/CVE-2019-15032
https://pydio.com
https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/