Описание
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
Ссылки
- ExploitThird Party Advisory
- Product
- Release Notes
- ExploitThird Party Advisory
- Product
- Release Notes
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pydio:pydio:6.0.8:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00438
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
Связанные уязвимости
CVSS3: 5.3
debian
больше 6 лет назад
Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...
github
больше 3 лет назад
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
EPSS
Процентиль: 63%
0.00438
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209