CVE-2019-15032
MEDIUMPydio 6.0.8 - Unauthenticated Sensitive Information Exposure via Remote Upload Error Message
Title source: llmDescription
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
References (3)
Core 3
Core References
Release Notes x_refsource_misc
https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/
Exploit, Third Party Advisory x_refsource_misc
https://heitorgouvea.me/2019/09/17/CVE-2019-15032
Product x_refsource_misc
https://pydio.com
Scores
CVSS v3
5.3
EPSS
0.0158
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (1)
pydio/pydio
6.0.8
Published
Sep 19, 2019
Tracked Since
Feb 18, 2026