Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
Vulnerability Description
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without the password. Versions 1.1.3-stable and 1.2.6-beta fix the issue.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
FileBrowser 安全漏洞
Vulnerability Description
FileBrowser是Seagate开源的一款网页文件浏览器。提供指定目录下的文件管理界面,可用于上传、删除、预览、重命名和编辑您的文件。它允许创建多个用户,每个用户可以有自己的目录。它可以用作独立的应用程序或中间件。 FileBrowser 1.1.3-stable之前版本和1.2.6-beta之前版本存在安全漏洞,该漏洞源于API返回受密码保护共享文件的直接下载链接,可能导致接收者完全绕过密码下载文件。
CVSS Information
N/A
Vulnerability Type
N/A