Web Application Vulnerability in Pydio Enables Session Cookie Disclosure
CVE-2019-10045

6.5MEDIUM

Key Information:

Vendor: Pydio
Status: Pydio
Vendor: CVE Published:; 31 May 2019

What is CVE-2019-10045?

The Pydio web application is susceptible to a session cookie disclosure flaw through the 'get_sess_id' action. This vulnerability allows the session cookie value to be revealed in the response body, exposing it to potential attackers. If the session remains active, this identifier can be exploited, enabling an attacker to impersonate the legitimate user and execute actions on their behalf.

References

https://www.secureauth.com/labs/advisories

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2019
Vulnerability Reserved
Mar 25, 2019

CVE-2019-10045 Data

JSON