Web application abuses : Pydio <= 8.2.2 Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.113404

Kategorie: Web application abuses

Titel: Pydio <= 8.2.2 Multiple Vulnerabilities

Zusammenfassung: Pydio is prone to multiple vulnerabilities.

Beschreibung: Summary:
Pydio is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- The action 'get_sess_id' in the web application of Pydio discloses the session
cookie value in the response body, enabling scripts to get access to its value.
This identifier can be reused by an attacker to impersonate a user and perform
actions on their behalf, if the session is still active.

- A stored XSS vulnerability can be exploited by leveraging the file upload and
file preview features of the application. An authenticated attacker can upload
an HTML file containing JavaScript code and afterwards a file preview URL can be
used to access the uploaded file. If a malicious user shares an uploaded HTML file
containing JavaScript code with another user of the application and tricks them into
accessing the URL that will result in the HTML code being interpreted by the web browser
and the included JavaScript code ebeing executed under the context of the victim.

- The ImageMagick plugin that is installed by default in Pydio does not perform appropriate validation
and sanitization of user supplied input in the plugin's configuration options, allowing
arbitrary shell commands to be entered that result in command execution on the underlying
operating system with the privileges of the local user running the web server.
The attacker must be authenticated into the application with an administrator account
in order to be able to edit the affected plugin configuration.

- Using the aforementioned XSS vulnerability against an administrator would allow an attacker
to gain elevated privileges.

- An issue was discovered in proxy.php. Through an unauthenticated request, it is possible to
evaluate malicious PHP code by placing it in the fourth line of a .php file, with execution via
a HTTP GET request to proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/[filename].
This is related to plugins/action.share/src/Store/ShareStore.php.

Affected Software/OS:
Pydio through version 8.2.2.

Solution:
Update to version 8.2.3.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-10045
Common Vulnerability Exposure (CVE) ID: CVE-2019-10047
Common Vulnerability Exposure (CVE) ID: CVE-2019-10048
Common Vulnerability Exposure (CVE) ID: CVE-2019-10049

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.113404
Kategorie:	Web application abuses
Titel:	Pydio <= 8.2.2 Multiple Vulnerabilities
Zusammenfassung:	Pydio is prone to multiple vulnerabilities.
Beschreibung:	Summary: Pydio is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - The action 'get_sess_id' in the web application of Pydio discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on their behalf, if the session is still active. - A stored XSS vulnerability can be exploited by leveraging the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application and tricks them into accessing the URL that will result in the HTML code being interpreted by the web browser and the included JavaScript code ebeing executed under the context of the victim. - The ImageMagick plugin that is installed by default in Pydio does not perform appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator account in order to be able to edit the affected plugin configuration. - Using the aforementioned XSS vulnerability against an administrator would allow an attacker to gain elevated privileges. - An issue was discovered in proxy.php. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it in the fourth line of a .php file, with execution via a HTTP GET request to proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/[filename]. This is related to plugins/action.share/src/Store/ShareStore.php. Affected Software/OS: Pydio through version 8.2.2. Solution: Update to version 8.2.3. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10045 Common Vulnerability Exposure (CVE) ID: CVE-2019-10047 Common Vulnerability Exposure (CVE) ID: CVE-2019-10048 Common Vulnerability Exposure (CVE) ID: CVE-2019-10049
Copyright	Copyright (C) 2019 Greenbone Networks GmbH