PT-2019-13942 · Pydio · Pydio

Published: 2019-09-19 · Updated: 2019-09-19 · CVE-2019-15032

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pydio version 6.0.8

Description

The issue concerns error reporting in Pydio when a directory allows unauthenticated uploads and the remote-upload option is used with the http://localhost:22 URL. This can lead to the disclosure of sensitive information, including the name of the user who created the directory and other internal server details.

Recommendations

For Pydio version 6.0.8, consider restricting access to the remote-upload option or disabling unauthenticated uploads in directories to minimize the risk of information disclosure. Additionally, review server configurations to ensure that sensitive information is not exposed through error reporting.

Exploit

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2019-15032

Affected Products

Pydio