CVE-2021-30080
published 2022-04-05CVE-2021-30080: An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
PriorityP352critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.21%
64.6th percentile
An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beego | beego | <= 2.0.1 | — |
| github.com | beego_beego | 0 – 1.12.11 | — |
| github.com | beego_beego_v2 | >= 2.0.0 < 2.0.3 | 2.0.3 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Access control bypass via incorrect route lookup in github.com/beego/beego and beego/v2
osv·2022-08-22
CVE-2021-30080 Access control bypass via incorrect route lookup in github.com/beego/beego and beego/v2
Access control bypass via incorrect route lookup in github.com/beego/beego and beego/v2
An issue was discovered in the route lookup process in beego which attackers to bypass access control.
GHSA
Access control bypass in Beego
ghsa·2022-04-06
CVE-2021-30080 [HIGH] Access control bypass in Beego
Access control bypass in Beego
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control.
OSV
Access control bypass in Beego
osv·2022-04-06
CVE-2021-30080 [HIGH] Access control bypass in Beego
Access control bypass in Beego
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-04-05
Published