Skip to content

Commit 8364b88

Browse files
committed
add: AVE-2018-0035
1 parent 8362bc8 commit 8364b88

1 file changed

Lines changed: 19 additions & 25 deletions

File tree

vulns/2018/AVE-2018-0040.toml

Lines changed: 19 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,43 +1,37 @@
11
[id]
22
ave_id = "AVE-2018-0040"
33
cve_id = "CVE-2018-25111"
4-
aliases = ["CVE-2018-25111", "GHSA-m4jx-m5hg-qrxx", "EUVD-2025-16536", "SNYK-PYTHON-DJANGOHELPDESK-10291053"]
4+
aliases = ["CVE-2018-25111"]
55

66
[basic]
7-
title = "Django-Helpdesk os.umask(0) 敏感数据暴露漏洞"
8-
description = "django-helpdesk 1.0.0 之前的版本因在 models.py 中使用 os.umask(0) 导致敏感数据暴露。该函数将文件创建掩码设为 0,禁用了默认的权限限制,使得应用创建的文件继承过于宽松的访问控制。攻击者可利用此配置读取或修改工单附件、用户详情或系统日志等敏感数据,造成未授权的信息泄露或数据篡改。攻击条件为本地访问,无需特殊权限"
7+
title = "Django-Helpdesk 敏感数据暴露漏洞"
8+
description = "Django-Helpdesk 在 1.0.0 版本之前存在敏感数据暴露漏洞。由于 models.py 中使用了 os.umask(0) 创建附件目录,导致新创建的文件和目录权限被设置为 0777,攻击者可通过本地访问读取敏感附件文件或获取未授权信息"
99
severity = "MEDIUM"
10-
score = 5.1
11-
cvss_v3 = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
12-
published = "2025-05-31"
13-
updated = "2025-06-02"
14-
remediation = "将 django-helpdesk 升级至 1.0.0 或更高版本。若暂时无法升级,可在部署后手动执行 chmod -R o-rwx /path/to/helpdesk_media/ 限制文件权限,并审查 models.py 中 os.umask(0) 的使用,替换为安全的掩码值(如 0o077)以确保文件仅限所有者访问。"
15-
sources = ["nvd", "avd", "github", "snyk"]
10+
score = 4.4
11+
remediation = "升级 django-helpdesk 至 v1.0.0 或更高版本。如无法立即升级,可在 models.py 中移除 os.umask(0) 调用,并将附件目录权限模式设置为 0755。"
12+
published = "2025-05-30"
13+
updated = "2025-06-16"
14+
sources = ["nvd", "avd"]
1615

1716
[affected]
1817
vendor = "django-helpdesk Project"
1918
product = "django-helpdesk"
2019

21-
[exploit]
22-
poc_urls = [
23-
{ url = "https://github.com/django-helpdesk/django-helpdesk/pull/1120", description = "修复 os.umask(0) 问题的补丁 PR", source = "github" }
24-
]
25-
exp_urls = []
26-
nuclei_templates = []
27-
2820
[references]
2921
nvd = "https://nvd.nist.gov/vuln/detail/CVE-2018-25111"
30-
avd = "https://avd.xianjincard.com/avd/CVE-2018-25111"
22+
avd = "https://avd.aegisinfo.com/CVE-2018-25111"
3123
other = [
32-
"https://github.com/django-helpdesk/django-helpdesk/issues/591",
33-
"https://github.com/django-helpdesk/django-helpdesk/pull/1120",
34-
"https://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0",
35-
"https://github.com/advisories/GHSA-m4jx-m5hg-qrxx",
36-
"https://security.snyk.io/vuln/SNYK-PYTHON-DJANGOHELPDESK-10291053",
37-
"https://app.opencve.io/cve/CVE-2018-25111",
38-
"https://cvefeed.io/vuln/detail/CVE-2018-25111"
24+
"https://github.com/django-helpdesk/django-helpdesk/issues/591",
25+
"https://github.com/django-helpdesk/django-helpdesk/pull/1120",
26+
"https://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0"
3927
]
4028

29+
[exploit]
30+
poc_urls = [
31+
"https://github.com/django-helpdesk/django-helpdesk/pull/1120"
32+
]
33+
exp_urls = []
34+
4135
[meta]
42-
collected_at = "2025-07-11T00:00:00Z"
4336
status = "completed"
37+
collected_at = "2026-07-11T00:00:00+00:00"

0 commit comments

Comments
 (0)