CVE-2018-25111: django-helpdesk Allows Sensitive Data Exposure
(updated )
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.
References
- github.com/advisories/GHSA-m4jx-m5hg-qrxx
- github.com/django-helpdesk/django-helpdesk
- github.com/django-helpdesk/django-helpdesk/commit/f872ec252769bee5a88b06d07d3634e580c67bcc
- github.com/django-helpdesk/django-helpdesk/issues/591
- github.com/django-helpdesk/django-helpdesk/pull/1120
- github.com/django-helpdesk/django-helpdesk/releases/tag/v1.0.0
- github.com/pypa/advisory-database/tree/main/vulns/django-helpdesk/PYSEC-2025-44.yaml
- nvd.nist.gov/vuln/detail/CVE-2018-25111
Code Behaviors & Features
Detect and mitigate CVE-2018-25111 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →