Pydio 8 Sec. Issue CVE 2019-10049 Privledge Escalation

Curious if the vulnerablity affects earlier branches of pydio 8 (.01) and whether it is limited to sharing (which we have disabled).

We will likely upgrade the question is am I doing it this afternoon or later this week.

Hi, it probably affect earlier versions as well, but frankly the scenario is complex, and user must first be authenticated, and admin must open a shared link send by a user, so I would say it’s not a matter of hours…