CVE-2018-25111
MEDIUM5.1EPSS 0.08%django-helpdesk Allows Sensitive Data Exposure
Published: 5/31/2025Modified: 6/4/2025
Description
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.
Affected packages (2)
- PyPI/django-helpdeskfrom 0, < 1.0.0
- PyPI/django-helpdeskfrom 0, < 0d91fcca0b6a98a4e7248368bc1dc4f06c682159 | from 0, < 1.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-25111
- PATCHhttps://github.com/django-helpdesk/django-helpdesk
- WEBhttps://github.com/django-helpdesk/django-helpdesk/commit/f872ec252769bee5a88b06d07d3634e580c67bcc
- WEBhttps://github.com/django-helpdesk/django-helpdesk/issues/591
- WEBhttps://github.com/django-helpdesk/django-helpdesk/pull/1120
- WEBhttps://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/django-helpdesk/PYSEC-2025-44.yaml