VYPR
Unrated severityNVD Advisory· Published May 31, 2019· Updated Aug 4, 2024

CVE-2019-10045

CVE-2019-10045

Description

The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active).

Affected products

2
  • Pydio/Pydiodescription
  • Pydio/Pydiollm-fuzzy
    Range: <=8.2.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.