Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FileRise insecure folder visibility via name-based mapping and incomplete ACL checks
Vulnerability Description
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
FileRise 访问控制错误漏洞
Vulnerability Description
FileRise是Ryan个人开发者的一个轻量级、自托管的基于web的文件管理器。 FileRise 1.4.0版本存在访问控制错误漏洞,该漏洞源于文件夹可见性和所有权可从文件夹名称推断,可能导致低权限用户查看或操作其他用户内容。
CVSS Information
N/A
Vulnerability Type
N/A