CVE-2018-25111

Summary

django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.

Affected Software

VendorProductVersion RangeStatus
django-helpdesk Projectdjango-helpdesk0 < 1.0.0affected

Weaknesses

  • CWE-277: CWE-277 Insecure Inherited Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References