2 matches found
CVE-2018-1999017
Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery SSRF vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath$url that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appear...
CVE-2018-1999017
Pydio 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) in plugins/action.updater/UpgradeManager.php at line 154 (getUpgradePath($url)). An authenticated admin can cause the server to request arbitrary URLs by entering a URL into the Upgrade Engine and reloading. The issue is mitiga...