CNNVD-202601-2987 Information
CNNVD ID
CNNVD-202601-2987
Related CVE
- CNNVD Published: 2026-01-19
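Description (translated from Chinese)
FileBrowser is a web file browser open-sourced by Seagate. It provides a file management interface within a specified directory that can be used to upload, delete, preview, rename and edit your files. It allows multiple users to be created, each of whom can have their own directory. It can be used as a stand-alone application or as middleware. FileBrowser versions prior to 2.55.0 contain a security vulnerability that stems from a logic flaw in the JSONAuth.Auth function, which may allow an unauthenticated attacker to enumerate valid usernames by measuring the response time of the /api/login endpoint.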
Description (English)
FileBrowser is a web file browser open-sourced by Seagate. It provides a file management interface under a specified directory for uploading, deleting, previewing, renaming and editing your files. It allows the creation of multiple users, each of whom can have their own directory. It can be used as a stand-alone application or as middleware. The security vulnerability in FileBrowser versions prior to 2.55.0 stems from a logic flaw in the JSONAuth.Auth function, which may allow an unauthenticated attacker to enumerate valid usernames by measuring the response time of the /api/login endpoint.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Seagate
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/filebrowser/filebrowser/security/advisories/GHSA-43mm-m3h2-3prc
https://github.com/filebrowser/filebrowser/commit/24781badd413ee20333aba5cce1919d676e01889
https://access.redhat.com/security/cve/cve-2026-23849
Patch
https://github.com/filebrowser/filebrowser/releases