CVE-2019-16355 – github.com/astaxie/beego

Package

Manager: go
Name: github.com/astaxie/beego
Vulnerable Version: >=0 <1.12.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00043 pctl0.12495

Details

Incorrect Default Permissions in Beego The File Session Manager in Beego before 1.12.2 allows local users to read session files because of weak permissions for individual files.

Metadata

Created: 2022-05-24T22:00:36Z
Modified: 2024-04-22T19:05:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hf4p-4j9r-3cvx/GHSA-hf4p-4j9r-3cvx.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-hf4p-4j9r-3cvx
Finding: F056
Auto approve: 1