Pydio 8 Sec. Issue CVE 2019-10049 Privledge Escalation

#1

Curious if the vulnerablity affects earlier branches of pydio 8 (.01) and whether it is limited to sharing (which we have disabled).

We will likely upgrade the question is am I doing it this afternoon or later this week.

#2

Hi, it probably affect earlier versions as well, but frankly the scenario is complex, and user must first be authenticated, and admin must open a shared link send by a user, so I would say it’s not a matter of hours…
-c