- Risk: low
- CVSS v3 Base Score: 1.2
- CVSS v3 Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N
- CWE ID: CWE-280
- CWE Name: Improper Handling of Insufficient Permissions or Privileges
Description
When using an object storage like S3 as the file store, if a user creates a public link to a folder where anonymous users can upload files, if a user uploads a virus the files antivirus app would detect the virus but fail to delete it due to permission issues.
Affected
- files_antivirus version < 0.15.2 (CVE-2020-16144)
Action taken
Improve deletion logic of the file antivirus app