CVE-2019-16355
Published 2019-09-16
CVE-2019-16355: The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
Priority P421 · medium · 5.5 · CVSS 3.1
AV:L · AC:L · PR:L · UI:N · S:U · C:H · I:N · A:N
EPSS: 0.36% (28.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beego | beego | — | — |
| github.com | astaxie_beego | >= 0 < 1.12.2 | 1.12.2 |
| github.com | beego_beego | >= 0 < 1.12.2 | 1.12.2 |
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:P/I:N/A:N
OSV
Incorrect Default Permissions in Beego
osv·2022-05-24
CVE-2019-16354 [MEDIUM] Incorrect Default Permissions in Beego
The File Session Manager in Beego before 1.12.2 allows local users to read session files because of weak permissions for individual files.
GHSA
Incorrect Default Permissions in Beego
ghsa·2022-05-24
CVE-2019-16355 [MEDIUM] CWE-276 Incorrect Default Permissions in Beego
The File Session Manager in Beego before 1.12.2 allows local users to read session files because of weak permissions for individual files.
OSV
Beego has a file creation race condition
osv·2021-08-02
CVE-2019-16354 [MEDIUM] Beego has a file creation race condition
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
OSV
Incorrect permissions for critical resource in github.com/astaxie/beego
osv·2021-04-14
CVE-2019-16354 Incorrect permissions for critical resource in github.com/astaxie/beego
Session data is stored using permissive permissions, allowing local users with filesystem access to read arbitrary data.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.