CVE-2018-1999017

low-risk
Published 2018-07-23

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appears to be exploitable via the attacker gaining access to an administrative account, enters a URL into Upgrade Engine, and reloads the page or presses "Check Now". This vulnerability appears to have been fixed in 8.2.1.

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Pydio

Affected Vendors

Pydio

References (4)

Patch https://pydio.com/en/community/releases/pydio-core/pydio-821-security-release
Exploit https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt
Patch https://pydio.com/en/community/releases/pydio-core/pydio-821-security-release
Exploit https://www.mike-gualtieri.com/files/Pydio-8-VulnerabilityDisclosure-Jul18.txt
26
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal