Vulnerability Information
Vulnerability Title
FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout
Vulnerability Description
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of publication, no known patches exist.
CVSS Information
N/A
Vulnerability Type
Authentication Bypass by Primary Weakness
Vulnerability Title
FileBrowser Security Vulnerability
Vulnerability Description
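FileBrowser is an open-source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename, and edit your files. It allows the creation of multiple users, each of whom can have their own directory. It can be used as a standalone application or as middleware. FileBrowser version 2.39.0 has a security vulnerability that stems from a flaw in the authentication system, which may result in long-lived JWT tokens.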
CVSS Information
N/A
Vulnerability Type
N/A