CVE-2019-10045
MEDIUMPydio < 8.2.2 - Session Fixation via Session Cookie Disclosure
Title source: llmDescription
The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.secureauth.com/labs/advisories
Scores
CVSS v3
6.5
EPSS
0.0103
EPSS Percentile
59.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-384
Status
published
Products (1)
pydio/pydio
< 8.2.2
Published
May 31, 2019
Tracked Since
Feb 18, 2026