File Browser share links remain accessible after Share/Download permissions are revoked

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. This vulnerability is fixed in 2.63.1.

N/A

授权机制不正确

File Browser 安全漏洞

File Browser是File Browser开源的一个文件管理界面，在指定的目录，它可以用来上传，删除，预览和编辑文件。 File Browser 2.63.1之前版本存在安全漏洞，该漏洞源于管理员撤销用户的共享和下载权限后，现有共享链接仍可被未经验证的用户完全访问，可能导致权限绕过。

N/A

N/A