Skip to content

Commit c897c29

Browse files
committed
add: AVE-2022-0018
1 parent 77c35f0 commit c897c29

1 file changed

Lines changed: 18 additions & 30 deletions

File tree

vulns/2018/AVE-2018-0040.toml

Lines changed: 18 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,25 @@
1-
[id]
2-
ave_id = "AVE-2018-0040"
3-
cve_id = "CVE-2018-25111"
4-
aliases = ["CVE-2018-25111"]
5-
61
[basic]
7-
title = "Django-Helpdesk 敏感数据暴露漏洞"
8-
description = "Django-Helpdesk 在 1.0.0 版本之前存在敏感数据暴露漏洞。由于 models.py 中使用了 os.umask(0) 创建附件目录,导致新创建的文件和目录权限被设置为 0777,攻击者可通过本地访问读取敏感附件文件或获取未授权信息。"
9-
severity = "MEDIUM"
10-
score = 4.4
11-
remediation = "升级 django-helpdesk 至 v1.0.0 或更高版本。如无法立即升级,可在 models.py 中移除 os.umask(0) 调用,并将附件目录权限模式设置为 0755。"
12-
published = "2025-05-30"
13-
updated = "2025-06-16"
14-
sources = ["nvd", "avd"]
15-
16-
[affected]
17-
vendor = "django-helpdesk Project"
18-
product = "django-helpdesk"
19-
20-
[references]
21-
nvd = "https://nvd.nist.gov/vuln/detail/CVE-2018-25111"
22-
avd = "https://avd.aegisinfo.com/CVE-2018-25111"
23-
other = [
24-
"https://github.com/django-helpdesk/django-helpdesk/issues/591",
25-
"https://github.com/django-helpdesk/django-helpdesk/pull/1120",
26-
"https://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0"
27-
]
2+
description = ""
3+
published = ""
4+
remediation = "Refer to vendor advisory and upgrade to fixed version."
5+
score = 0.0
6+
severity = "UNKNOWN"
7+
sources = ["avd"]
8+
title = "CVE-2018-25111 漏洞"
9+
updated = ""
2810

2911
[exploit]
30-
poc_urls = [
31-
"https://github.com/django-helpdesk/django-helpdesk/pull/1120"
32-
]
3312
exp_urls = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["CVE-2018-25111"]
17+
ave_id = "AVE-2018-0040"
18+
cve_id = "CVE-2018-25111"
3419

3520
[meta]
21+
collected_at = "2026-07-11T00:10:15.324678431+00:00"
3622
status = "completed"
37-
collected_at = "2026-07-11T00:00:00+00:00"
23+
24+
[references]
25+
urls = []

0 commit comments

Comments
 (0)