Lucene search

[email protected]CVE-2019-15032

HistorySep 19, 2019 - 5:15 p.m.

CVE-2019-15032

2019-09-1917:15:12

CWE-209

[email protected]

web.nvd.nist.gov

pydio

error reporting

unauthenticated uploads

security vulnerability

information disclosure

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.

Affected configurations

NVD

Node

pydiopydioMatch6.0.8

CPENameOperatorVersion
pydio:pydiopydioeq6.0.8

CPE	Name	Operator	Version
pydio:pydio	pydio	eq	6.0.8

References

heitorgouvea.me/2019/09/17/CVE-2019-15032

pydio.com

sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

Related for CVE-2019-15032

osv1 nvd1 cvelist1 prion1 openvas1