CVE-2018-25111
MEDIUM5.1EPSS 0.08%django-helpdesk Allows Sensitive Data Exposure
發布日:2025/5/31修改日:2025/6/4
描述
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.
受影響套件(2)
- PyPI/django-helpdeskfrom 0, < 1.0.0
- PyPI/django-helpdeskfrom 0, < 0d91fcca0b6a98a4e7248368bc1dc4f06c682159 | from 0, < 1.0.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-25111
- PATCHhttps://github.com/django-helpdesk/django-helpdesk
- WEBhttps://github.com/django-helpdesk/django-helpdesk/commit/f872ec252769bee5a88b06d07d3634e580c67bcc
- WEBhttps://github.com/django-helpdesk/django-helpdesk/issues/591
- WEBhttps://github.com/django-helpdesk/django-helpdesk/pull/1120
- WEBhttps://github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/django-helpdesk/PYSEC-2025-44.yaml