CNNVD-202511-1311 Information
CNNVD ID
CNNVD-202511-1311
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
FileBrowser是Seagate开源的一款网页文件浏览器。提供指定目录下的文件管理界面,可用于上传、删除、预览、重命名和编辑您的文件。它允许创建多个用户,每个用户可以有自己的目录。它可以用作独立的应用程序或中间件。 FileBrowser 2.45.1之前版本存在安全漏洞,该漏洞源于共享删除功能存在不安全的直接对象引用,可能导致未经授权删除共享链接。
Description (English)
FileBrowser is a page viewer for Seagate ’ s open source. Provides a file management interface under a specified directory for uploading, deleting, previewing, renaming and editing your files. It allows the creation of multiple users, each of whom can have its own directory. It can be used as a stand-alone application or intermediate. There was a security loophole in the pre-FileBrowser 2.45.1 version, which arose out of an unsafe direct-object reference to shared deleted functions, which could lead to unauthorized deletion of shared links.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
希捷
Published
2025-11-12
Last Modified
2026-02-24
References
https://github.com/filebrowser/filebrowser/commit/291223b3cefe1e50fae8f73d70464b1dc25351a4 https://github.com/filebrowser/filebrowser/security/advisories/GHSA-6cqf-cfhv-659g https://access.redhat.com/security/cve/cve-2025-64523
Patch
https://github.com/filebrowser/filebrowser/releases
Share on: