cbcvebase.
CVE-2022-31259
published 2022-05-21

CVE-2022-31259: The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
21.57%
97.3th percentile
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).

Affected

4 ranges
VendorProductVersion rangeFixed in
beegobeego<= 1.12.4
beegobeego2.0.0 – 2.0.2
github.combeego_beego>= 0 < 1.12.91.12.9
github.combeego_beego_v2>= 0 < 2.0.32.0.3

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.