File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1- [id ]
2- ave_id = " AVE-2018-0040"
3- cve_id = " CVE-2018-25111"
4- aliases = [" CVE-2018-25111" ]
5-
61[basic ]
7- title = " Django-Helpdesk 敏感数据暴露漏洞"
8- description = " Django-Helpdesk 在 1.0.0 版本之前存在敏感数据暴露漏洞。由于 models.py 中使用了 os.umask(0) 创建附件目录,导致新创建的文件和目录权限被设置为 0777,攻击者可通过本地访问读取敏感附件文件或获取未授权信息。"
9- severity = " MEDIUM"
10- score = 4.4
11- remediation = " 升级 django-helpdesk 至 v1.0.0 或更高版本。如无法立即升级,可在 models.py 中移除 os.umask(0) 调用,并将附件目录权限模式设置为 0755。"
12- published = " 2025-05-30"
13- updated = " 2025-06-16"
14- sources = [" nvd" , " avd" ]
15-
16- [affected ]
17- vendor = " django-helpdesk Project"
18- product = " django-helpdesk"
19-
20- [references ]
21- nvd = " https://nvd.nist.gov/vuln/detail/CVE-2018-25111"
22- avd = " https://avd.aegisinfo.com/CVE-2018-25111"
23- other = [
24- " https://github.com/django-helpdesk/django-helpdesk/issues/591" ,
25- " https://github.com/django-helpdesk/django-helpdesk/pull/1120" ,
26- " https://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0"
27- ]
2+ description = " "
3+ published = " "
4+ remediation = " Refer to vendor advisory and upgrade to fixed version."
5+ score = 0.0
6+ severity = " UNKNOWN"
7+ sources = [" avd" ]
8+ title = " CVE-2018-25111 漏洞"
9+ updated = " "
2810
2911[exploit ]
30- poc_urls = [
31- " https://github.com/django-helpdesk/django-helpdesk/pull/1120"
32- ]
3312exp_urls = []
13+ poc_urls = []
14+
15+ [id ]
16+ aliases = [" CVE-2018-25111" ]
17+ ave_id = " AVE-2018-0040"
18+ cve_id = " CVE-2018-25111"
3419
3520[meta ]
21+ collected_at = " 2026-07-11T00:10:15.324678431+00:00"
3622status = " completed"
37- collected_at = " 2026-07-11T00:00:00+00:00"
23+
24+ [references ]
25+ urls = []
You can’t perform that action at this time.
0 commit comments