9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.6%
Pydio is prone to multiple vulnerabilities.
# Copyright (C) 2019 Greenbone Networks GmbH
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.113404");
script_version("2023-10-27T16:11:32+0000");
script_tag(name:"last_modification", value:"2023-10-27 16:11:32 +0000 (Fri, 27 Oct 2023)");
script_tag(name:"creation_date", value:"2019-06-03 11:55:43 +0000 (Mon, 03 Jun 2019)");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-08-24 17:37:00 +0000 (Mon, 24 Aug 2020)");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_cve_id("CVE-2019-10045", "CVE-2019-10047", "CVE-2019-10048", "CVE-2019-10049");
script_name("Pydio <= 8.2.2 Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("gb_pydio_detect.nasl");
script_mandatory_keys("pydio/installed");
script_tag(name:"summary", value:"Pydio is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following vulnerabilities exist:
- The action 'get_sess_id' in the web application of Pydio discloses the session
cookie value in the response body, enabling scripts to get access to its value.
This identifier can be reused by an attacker to impersonate a user and perform
actions on their behalf, if the session is still active.
- A stored XSS vulnerability can be exploited by leveraging the file upload and
file preview features of the application. An authenticated attacker can upload
an HTML file containing JavaScript code and afterwards a file preview URL can be
used to access the uploaded file. If a malicious user shares an uploaded HTML file
containing JavaScript code with another user of the application and tricks them into
accessing the URL that will result in the HTML code being interpreted by the web browser
and the included JavaScript code ebeing executed under the context of the victim.
- The ImageMagick plugin that is installed by default in Pydio does not perform appropriate validation
and sanitization of user supplied input in the plugin's configuration options, allowing
arbitrary shell commands to be entered that result in command execution on the underlying
operating system with the privileges of the local user running the web server.
The attacker must be authenticated into the application with an administrator account
in order to be able to edit the affected plugin configuration.
- Using the aforementioned XSS vulnerability against an administrator would allow an attacker
to gain elevated privileges.
- An issue was discovered in proxy.php. Through an unauthenticated request, it is possible to
evaluate malicious PHP code by placing it in the fourth line of a .php file, with execution via
a HTTP GET request to proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/[filename].
This is related to plugins/action.share/src/Store/ShareStore.php.");
script_tag(name:"affected", value:"Pydio through version 8.2.2.");
script_tag(name:"solution", value:"Update to version 8.2.3.");
script_xref(name:"URL", value:"https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities");
exit(0);
}
CPE = "cpe:/a:pydio:pydio";
include( "host_details.inc" );
include( "version_func.inc" );
if( ! port = get_app_port( cpe: CPE ) ) exit( 0 );
if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) ) exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_is_less( version: version, test_version: "8.2.3" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "8.2.3", install_path: location );
security_message( data: report, port: port );
exit( 0 );
}
exit( 99 );
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.6%