Information Disclosure in Pydio 6.0.8 via Unauthenticated Directory Uploads

Information Disclosure in Pydio 6.0.8 via Unauthenticated Directory Uploads

CVE-2019-15032 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.

Learn more about our Cis Benchmark Audit For Server Software.