Description
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of publication, no known patches exist.
References
- Issue Tracking
- Exploit, Vendor Advisory
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:filebrowser:filebrowser:2.39.0:*:*:*:*:*:*:*
EPSS: 0.00367 (Low), percentile: 58%
CVSS3: 9.8 Critical
Weaknesses
CWE-305
Related vulnerabilities
github
7 months ago
File Browser’s insecure JWT handling can lead to session replay attacks after logout