Nixpkgs security tracker
Untriaged
File Browser share links remain accessible after Share/Download permissions are revoked
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. This vulnerability is fixed in 2.63.1.
References
-
https://github.com/filebrowser/filebrowser/pull/5888 x_refsource_MISC
Affected products
filebrowser
- ==< 2.63.1
Matching in nixpkgs
pkgs.filebrowser
Filebrowser is a web application for managing files and directories
pkgs.filebrowser-quantum
Access and manage your files from the web
-
nixos-unstable 1.2.2-stable
- nixpkgs-unstable 1.2.2-stable
- nixos-unstable-small 1.2.2-stable
pkgs.python312Packages.filebrowser-safe
Snapshot of django-filebrowser for the Mezzanine CMS
pkgs.python313Packages.filebrowser-safe
Snapshot of django-filebrowser for the Mezzanine CMS
pkgs.python314Packages.filebrowser-safe
Snapshot of django-filebrowser for the Mezzanine CMS
Package maintainers
-
@HritwikSinghal Hritwik Singhal <nix@thorin.theoakenshield.com>
-
@prikhi Pavan Rikhi <pavan.rikhi@gmail.com>
-
@JocimSus Joachim Susatiyo <joe.susatiyo@gmail.com>