|
1 | 1 | [id] |
2 | 2 | ave_id = "AVE-2018-0040" |
3 | 3 | cve_id = "CVE-2018-25111" |
4 | | -aliases = ["CVE-2018-25111", "GHSA-m4jx-m5hg-qrxx", "EUVD-2025-16536", "SNYK-PYTHON-DJANGOHELPDESK-10291053"] |
| 4 | +aliases = ["CVE-2018-25111"] |
5 | 5 |
|
6 | 6 | [basic] |
7 | | -title = "Django-Helpdesk os.umask(0) 敏感数据暴露漏洞" |
8 | | -description = "django-helpdesk 1.0.0 之前的版本因在 models.py 中使用 os.umask(0) 导致敏感数据暴露。该函数将文件创建掩码设为 0,禁用了默认的权限限制,使得应用创建的文件继承过于宽松的访问控制。攻击者可利用此配置读取或修改工单附件、用户详情或系统日志等敏感数据,造成未授权的信息泄露或数据篡改。攻击条件为本地访问,无需特殊权限。" |
| 7 | +title = "Django-Helpdesk 敏感数据暴露漏洞" |
| 8 | +description = "Django-Helpdesk 在 1.0.0 版本之前存在敏感数据暴露漏洞。由于 models.py 中使用了 os.umask(0) 创建附件目录,导致新创建的文件和目录权限被设置为 0777,攻击者可通过本地访问读取敏感附件文件或获取未授权信息。" |
9 | 9 | severity = "MEDIUM" |
10 | | -score = 5.1 |
11 | | -cvss_v3 = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" |
12 | | -published = "2025-05-31" |
13 | | -updated = "2025-06-02" |
14 | | -remediation = "将 django-helpdesk 升级至 1.0.0 或更高版本。若暂时无法升级,可在部署后手动执行 chmod -R o-rwx /path/to/helpdesk_media/ 限制文件权限,并审查 models.py 中 os.umask(0) 的使用,替换为安全的掩码值(如 0o077)以确保文件仅限所有者访问。" |
15 | | -sources = ["nvd", "avd", "github", "snyk"] |
| 10 | +score = 4.4 |
| 11 | +remediation = "升级 django-helpdesk 至 v1.0.0 或更高版本。如无法立即升级,可在 models.py 中移除 os.umask(0) 调用,并将附件目录权限模式设置为 0755。" |
| 12 | +published = "2025-05-30" |
| 13 | +updated = "2025-06-16" |
| 14 | +sources = ["nvd", "avd"] |
16 | 15 |
|
17 | 16 | [affected] |
18 | 17 | vendor = "django-helpdesk Project" |
19 | 18 | product = "django-helpdesk" |
20 | 19 |
|
21 | | -[exploit] |
22 | | -poc_urls = [ |
23 | | - { url = "https://github.com/django-helpdesk/django-helpdesk/pull/1120", description = "修复 os.umask(0) 问题的补丁 PR", source = "github" } |
24 | | -] |
25 | | -exp_urls = [] |
26 | | -nuclei_templates = [] |
27 | | - |
28 | 20 | [references] |
29 | 21 | nvd = "https://nvd.nist.gov/vuln/detail/CVE-2018-25111" |
30 | | -avd = "https://avd.xianjincard.com/avd/CVE-2018-25111" |
| 22 | +avd = "https://avd.aegisinfo.com/CVE-2018-25111" |
31 | 23 | other = [ |
32 | | - "https://github.com/django-helpdesk/django-helpdesk/issues/591", |
33 | | - "https://github.com/django-helpdesk/django-helpdesk/pull/1120", |
34 | | - "https://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0", |
35 | | - "https://github.com/advisories/GHSA-m4jx-m5hg-qrxx", |
36 | | - "https://security.snyk.io/vuln/SNYK-PYTHON-DJANGOHELPDESK-10291053", |
37 | | - "https://app.opencve.io/cve/CVE-2018-25111", |
38 | | - "https://cvefeed.io/vuln/detail/CVE-2018-25111" |
| 24 | + "https://github.com/django-helpdesk/django-helpdesk/issues/591", |
| 25 | + "https://github.com/django-helpdesk/django-helpdesk/pull/1120", |
| 26 | + "https://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0" |
39 | 27 | ] |
40 | 28 |
|
| 29 | +[exploit] |
| 30 | +poc_urls = [ |
| 31 | + "https://github.com/django-helpdesk/django-helpdesk/pull/1120" |
| 32 | +] |
| 33 | +exp_urls = [] |
| 34 | + |
41 | 35 | [meta] |
42 | | -collected_at = "2025-07-11T00:00:00Z" |
43 | 36 | status = "completed" |
| 37 | +collected_at = "2026-07-11T00:00:00+00:00" |
0 commit comments