PT-2018-15196 · Pydio · Pydio

Mike Gualtieri · Published 2018-07-23 · Updated 2018-09-20 · CVE-2018-1999017

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Pydio versions 8.2.0 and earlier

Description
The issue is a Server-Side Request Forgery (SSRF) vulnerability in the getUpgradePath($url) function, located in plugins/action.updater/UpgradeManager.php. An authenticated admin user can exploit it by entering a URL into the Upgrade Engine and then reloading the page or pressing "Check Now": the server fetches the supplied URL itself, so the attacker can request arbitrary URLs and pivot requests through the server.

Recommendations
For Pydio versions 8.2.0 and earlier, update to version 8.2.1 to resolve the issue.
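The pattern behind this finding is an update checker that fetches whatever URL an administrator typed in. The following PHP is an added example written for this page; it is not Pydio's code and does not describe the upstream fix. It shows the kind of validation a fetch-by-URL feature needs before the server issues the request: an allow-list of update hosts (ALLOWED_UPDATE_HOSTS and validateUpgradeUrl are hypothetical names), an https-only scheme, no embedded credentials, and a resolution check so that even an allow-listed name cannot point at loopback or private address space. The resolver is injectable so the demo at the bottom runs offline with a constructed lookup table.

```php
<?php
// Added example (not Pydio's code): vet an admin-supplied update-server URL
// before the application fetches it, to contain the SSRF pattern described above.
// ALLOWED_UPDATE_HOSTS is a hypothetical allow-list; a real deployment would pin it
// to the vendor's actual update endpoint.
const ALLOWED_UPDATE_HOSTS = ['update.example.com'];

/**
 * Returns the URL if it is safe to fetch, or null if the fetch must be refused.
 * $resolver maps a hostname to a list of IP strings (defaults to gethostbynamel).
 */
function validateUpgradeUrl(
    string $url,
    array $allowedHosts = ALLOWED_UPDATE_HOSTS,
    ?callable $resolver = null
): ?string {
    $resolver = $resolver ?? 'gethostbynamel';

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                          // not an absolute URL
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return null;                          // no http://, file://, gopher://, ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                          // reject user:pass@host forms
    }
    if (isset($parts['port']) && $parts['port'] !== 443) {
        return null;                          // no port-scanning via the server
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return null;                          // host is not on the allow-list
    }

    // Defence in depth: the allow-listed name must not resolve to an internal
    // address (loopback, RFC 1918, link-local, reserved ranges).
    $addresses = $resolver($host);
    if ($addresses === false || $addresses === []) {
        return null;
    }
    foreach ($addresses as $ip) {
        $ok = filter_var(
            $ip,
            FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
        );
        if ($ok === false) {
            return null;
        }
    }
    return $url;
}

// Offline demo with a constructed resolver (no real DNS is consulted).
$fakeDns = function (string $host): array|false {
    $table = [
        'update.example.com' => ['203.0.113.10'],   // documentation range, public
        'intranet.local'     => ['10.0.0.5'],       // RFC 1918
    ];
    return $table[$host] ?? false;
};

$cases = [
    'https://update.example.com/latest.json',          // accepted
    'http://update.example.com/latest.json',           // refused: plain http
    'https://update.example.com:8080/latest.json',     // refused: non-443 port
    'https://admin:pw@update.example.com/latest.json', // refused: credentials
    'https://intranet.local/admin',                    // refused: not allow-listed
    'https://127.0.0.1/',                              // refused: not allow-listed
];
foreach ($cases as $candidate) {
    $result = validateUpgradeUrl($candidate, ALLOWED_UPDATE_HOSTS, $fakeDns);
    printf("%-50s %s\n", $candidate, $result === null ? 'REFUSED' : 'ok');
}
```

Validation of this kind has to happen at the point the request is made, not once at configuration time: a hostname that resolved to a public address when saved can be re-pointed later, and an HTTP redirect from the allow-listed host can land anywhere. Fetch with redirects disabled (for cURL, leave CURLOPT_FOLLOWLOCATION off) and re-validate any Location header through the same function before following it.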

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2018-1999017

Affected Products

Pydio