File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Apply(user), then strips only Admin. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side execution, and set Execute=true in the default user template, any unauthenticated user who self-registers inherits shell execution capabilities and can run arbitrary commands on the server. This issue has been patched in version 2.62.2.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

特权管理不恰当

File Browser 安全漏洞

File Browser是File Browser开源的一个文件管理界面，在指定的目录，它可以用来上传，删除，预览和编辑文件。 File Browser 2.62.2之前版本存在安全漏洞，该漏洞源于signupHandler应用默认用户权限后仅剥离Admin权限，未剥离Execute权限和Commands列表，可能导致未经验证的用户在注册后继承shell执行能力并在服务器上运行任意命令。

N/A

N/A