Description

django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.

PUBLISHED Reserved 2025-05-31 | Published 2025-05-31 | Updated 2025-06-02 | Assigner mitre




MEDIUM: 5.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-277 Insecure Inherited Permissions

Product status

Default status: unaffected

Any version before 1.0.0: affected

References

github.com/django-helpdesk/django-helpdesk/pull/1120 (tagged: exploit)

github.com/django-helpdesk/django-helpdesk/pull/1120

github.com/...o-helpdesk/django-helpdesk/releases/tag/v1.0.0

github.com/django-helpdesk/django-helpdesk/issues/591

cve.org (CVE-2018-25111)

nvd.nist.gov (CVE-2018-25111)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.