Overview :
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
Affected Product(s) :
  • Pydio 6.0.8
Vulnerability Details :
CVE ID : CVE-2019-15032
Username Leak via Error Handling
CVE ID : CVE-2019-15033
Server Side Request Forgery | Pydio Community

Solution : fix using latest patches