PT-2019-11396 · Pydio · Pydio

Published 2019-05-31 · Updated 2019-06-03 · CVE-2019-10045

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pydio versions through 8.2.2
Description: The web application discloses the session cookie value in the response body when the get_sess_id action is invoked. This enables scripts to access the session cookie value, which an attacker can reuse to impersonate a user and perform actions on their behalf if the session is still active.
Recommendations: For versions through 8.2.2, as a temporary workaround, consider restricting access to the get_sess_id action in the web application to minimize the risk of session cookie disclosure. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Session Fixation

Weakness Enumeration

Related identifiers

CVE-2019-10045

Affected products

Pydio