Unauthenticated Directory Upload Vulnerability in Pydio by Abstrium
CVE-2019-15032

5.3 MEDIUM

Key Information:

Vendor: Pydio

Status
Vendor
CVE Published: 19 September 2019

What is CVE-2019-15032?

The Pydio file-sharing application is vulnerable because of improper error handling when it allows unauthenticated uploads to certain directories. An attacker who points the remote-upload feature at a local URL (http://localhost:22) can obtain sensitive information, including the usernames associated with the directories they access and other internal server details, which could lead to further exploitation.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
