CVE-2019-10049

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10049
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10049.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10049
Published
2019-05-31T22:29:01Z
Modified
2024-09-03T02:21:30.729733Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her).

References

Affected packages

Git / github.com/pydio/pydio-core

Affected ranges

Type
GIT
Repo
https://github.com/pydio/pydio-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

6.*

6.2alpha
6.2beta
6.2rc

ajaxplorer-core-4.*

ajaxplorer-core-4.3.1
ajaxplorer-core-4.3.2
ajaxplorer-core-4.3.3
ajaxplorer-core-4.3.4

ajaxplorer-core-5.*

ajaxplorer-core-5.0.0
ajaxplorer-core-5.0.1
ajaxplorer-core-5.0.2
ajaxplorer-core-5.0.3

pydio-core-5.*

pydio-core-5.1.0
pydio-core-5.1.1
pydio-core-5.2.0
pydio-core-5.2.1
pydio-core-5.2.2
pydio-core-5.2.3
pydio-core-5.2.4
pydio-core-5.2.5
pydio-core-5.3.1
pydio-core-5.3.2
pydio-core-5.3.3
pydio-core-5.3.4

pydio-core-6.*

pydio-core-6.0.0
pydio-core-6.0.1
pydio-core-6.0.2
pydio-core-6.0.3
pydio-core-6.0.4
pydio-core-6.0.5
pydio-core-6.0.6
pydio-core-6.0.7
pydio-core-6.0.8
pydio-core-6.2.0
pydio-core-6.2.1
pydio-core-6.2.2
pydio-core-6.2.2rc
pydio-core-6.2.2rc2
pydio-core-6.2.2rc3
pydio-core-6.3.1
pydio-core-6.4.0
pydio-core-6.4.0rc1
pydio-core-6.4.0rc2
pydio-core-6.4.0rc3
pydio-core-6.4.1
pydio-core-6.4.2
pydio-core-6.4.2rc1
pydio-core-6.5.1
pydio-core-6.5.2
pydio-core-6.5.3
pydio-core-6.5.4
pydio-core-6.5.5

pydio-core-7.*

pydio-core-7.0.0
pydio-core-7.0.1
pydio-core-7.0.2
pydio-core-7.0.3
pydio-core-7.0.4

pydio-core-8.*

pydio-core-8.0.0
pydio-core-8.0.1
pydio-core-8.0.2
pydio-core-8.2.0
pydio-core-8.2.1
pydio-core-8.2.2