Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fess has Insecure Temporary File Permissions
Vulnerability Description
Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact. This issue has been patched in version 14.19.2. A workaround for this issue involves ensuring local access to the environment running Fess is restricted to trusted users only.
CVSS Information
N/A
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Fess 安全漏洞
Vulnerability Description
Fess是CodeLibs Project开源的一款功能强大且易于部署的企业搜索服务器。 Fess 14.19.2之前版本存在安全漏洞,该漏洞源于createTempFile方法未设置严格权限,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A