Vulnerabilities > CVE-2019-15033 - Server-Side Request Forgery (SSRF) vulnerability in Pydio 6.0.8

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

pydio

CWE-918

NVD

Published: 2019-09-19

Updated: 2019-09-20

Summary

Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.

Vulnerable Configurations

Part	Description	Count
Application	Pydio Pydio Pydio 6.0.8	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://pydio.com
https://heitorgouvea.me/2019/09/17/CVE-2019-15033
https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/