Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
File Browser allows sensitive data to be transferred in URL
Vulnerability Description
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Vulnerability Title
FileBrowser 安全漏洞
Vulnerability Description
FileBrowser是开源的一款网页文件浏览器。提供指定目录下的文件管理界面,可用于上传、删除、预览、重命名和编辑您的文件。它允许创建多个用户,每个用户可以有自己的目录。它可以用作独立的应用程序或中间件。 FileBrowser 2.33.9之前版本存在安全漏洞,该漏洞源于访问令牌作为GET参数传递,可能导致会话标识符泄露。
CVSS Information
N/A
Vulnerability Type
N/A