Vulnerability Information
Vulnerability Title
FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force
Vulnerability Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and download any private attachment without credentials. Version 1.8.213 fixes the issue.
CVSS Information
N/A
Vulnerability Type
Use of Insufficiently Random Values
Vulnerability Title
FreeScout Security Feature Issue Vulnerability
Vulnerability Description
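FreeScout, from the FreeScout company, is a super-lightweight yet powerful free open-source help desk and shared inbox built with PHP (the Laravel framework). FreeScout versions prior to 1.8.213 contain a security feature issue vulnerability. The flaw stems from attachment download tokens being generated with a weak and predictable formula, which may allow an unauthenticated attacker to forge valid tokens and download any private attachment.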
CVSS Information
N/A
Vulnerability Type
N/A
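The token formula quoted in the description, set beside a hardened alternative, as an added example (not FreeScout's code and not the fix shipped in 1.8.213). The `AttachmentTokenStore` class, the sample key and the sample ids are hypothetical; the assumed design is one random token per attachment, stored server-side and compared in constant time.

```python
import hashlib
import hmac
import secrets


def legacy_token(app_key: str, attachment_id: int, size: int) -> str:
    """Formula as described in the advisory: md5(APP_KEY + attachment_id + size).

    Apart from APP_KEY, every input is attachment metadata; per the advisory
    the id is sequential and the size falls in a small range.
    """
    return hashlib.md5(f"{app_key}{attachment_id}{size}".encode()).hexdigest()


class AttachmentTokenStore:
    """Hypothetical hardened scheme: a random 256-bit token per attachment,
    independent of the id, the size and any application-wide key."""

    def __init__(self):
        self._tokens = {}  # attachment_id -> token (stands in for a DB column)

    def issue(self, attachment_id: int) -> str:
        token = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._tokens[attachment_id] = token
        return token

    def verify(self, attachment_id: int, presented: str) -> bool:
        expected = self._tokens.get(attachment_id)
        if expected is None:
            # Unknown id: still run a comparison so both paths do similar work.
            hmac.compare_digest(presented.encode(), b"\x00" * 43)
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    key = "constructed-app-key"  # constructed sample value
    print("legacy :", legacy_token(key, 41, 2048))  # same inputs, same token
    store = AttachmentTokenStore()
    tok = store.issue(41)
    print("random :", tok)
    print("verify :", store.verify(41, tok), store.verify(41, legacy_token(key, 41, 2048)))
```

With the random scheme, knowing or guessing an attachment's id and size gives no information about its token, so rate limiting and logging of failed token checks remain the only signal an operator needs to watch.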